CVE-2023-5179

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.opendesign.com/security-advisories	Vendor Advisory
https://www.opendesign.com/security-advisories	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:41

Type	Values Removed	Values Added
References	~~() https://www.opendesign.com/security-advisories - Vendor Advisory~~	() https://www.opendesign.com/security-advisories - Vendor Advisory

14 Nov 2023, 21:29

Type	Values Removed	Values Added
CWE		CWE-125
References	~~() https://www.opendesign.com/security-advisories -~~	() https://www.opendesign.com/security-advisories - Vendor Advisory
CPE		cpe:2.3:a:opendesign:drawings_sdk::::::::
First Time		Opendesign drawings Sdk Opendesign
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

07 Nov 2023, 16:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-07 16:15

Updated : 2024-11-21 08:41

NVD link : CVE-2023-5179

Mitre link : CVE-2023-5179

CVE.ORG link : CVE-2023-5179

JSON object : View

Products Affected

opendesign

drawings_sdk

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2023-5179", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-07T16:15:29.550", "references": [{"url": "https://www.opendesign.com/security-advisories", "tags": ["Vendor Advisory"], "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea"}, {"url": "https://www.opendesign.com/security-advisories", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. \n\n\n\n\n"}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Open Design Alliance Drawings SDK antes de la versi\u00f3n 2024.10. Un valor da\u00f1ado para el inicio del sector MiniFat en un archivo DGN manipulado genera una lectura fuera de los l\u00edmites. Esto puede permitir a los atacantes provocar un bloqueo, lo que podr\u00eda permitir un ataque de Denegaci\u00f3n de Servicio (DoS) (bloqueo, salida o reinicio) o una posible ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2024-11-21T08:41:14.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "163A6555-0C98-45A6-99E1-E7DF7D977DE8", "versionEndExcluding": "2024.10"}], "operator": "OR"}]}], "sourceIdentifier": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea"}