Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ODA Drawings SDK - All Versions < 2024.12 by Open Design Alliance

    CVE-2023-5180 (GCVE-0-2023-5180)

    Vulnerability from nvd – Published: 2023-12-26 08:35 – Updated: 2024-08-02 07:52
    VLAI
    Title
    Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12
    Summary
    An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.
    CWE
    Assigner
    ODA
    References
    Impacted products
    Credits
    Seyit Sığırcı
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:07.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.opendesign.com/security-advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ODA Drawings SDK - All Versions \u003c 2024.12",
              "vendor": "Open Design Alliance",
              "versions": [
                {
                  "lessThan": "2024.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Seyit S\u0131\u011f\u0131rc\u0131"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process."
                }
              ],
              "value": "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-123",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-123 Buffer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "To exploit vulnerability, malicious DGN file should be read by ODA Drawings SDK."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-26T08:35:40.093Z",
            "orgId": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea",
            "shortName": "ODA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.opendesign.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea",
        "assignerShortName": "ODA",
        "cveId": "CVE-2023-5180",
        "datePublished": "2023-12-26T08:35:37.619Z",
        "dateReserved": "2023-09-25T17:08:17.255Z",
        "dateUpdated": "2024-08-02T07:52:07.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5180 (GCVE-0-2023-5180)

    Vulnerability from cvelistv5 – Published: 2023-12-26 08:35 – Updated: 2024-08-02 07:52
    VLAI
    Title
    Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12
    Summary
    An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.
    CWE
    Assigner
    ODA
    References
    Impacted products
    Credits
    Seyit Sığırcı
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:07.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.opendesign.com/security-advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ODA Drawings SDK - All Versions \u003c 2024.12",
              "vendor": "Open Design Alliance",
              "versions": [
                {
                  "lessThan": "2024.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Seyit S\u0131\u011f\u0131rc\u0131"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process."
                }
              ],
              "value": "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-123",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-123 Buffer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "To exploit vulnerability, malicious DGN file should be read by ODA Drawings SDK."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-26T08:35:40.093Z",
            "orgId": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea",
            "shortName": "ODA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.opendesign.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea",
        "assignerShortName": "ODA",
        "cveId": "CVE-2023-5180",
        "datePublished": "2023-12-26T08:35:37.619Z",
        "dateReserved": "2023-09-25T17:08:17.255Z",
        "dateUpdated": "2024-08-02T07:52:07.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }