CVE-2021-43391

{"id": "CVE-2021-43391", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-11-14T21:15:08.353", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf", "source": "cve@mitre.org"}, {"url": "https://www.opendesign.com/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.opendesign.com/security-advisories", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites cuando es le\u00eddo un archivo DXF usando Open Design Alliance Drawings SDK versiones anteriores a 2022.11. El problema espec\u00edfico es presentado en el an\u00e1lisis de los archivos DXF. Los datos dise\u00f1ados en un archivo DXF (un contador de guiones no v\u00e1lido en los tipos de l\u00edneas) pueden desencadenar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"}], "lastModified": "2024-11-21T06:29:08.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opendesign:drawings_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2517E46B-54DB-49E1-88DB-905365792054", "versionEndExcluding": "2022.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}