Vulnerability-Lookup

CVE-2020-7083 (GCVE-0-2020-7083)

Vulnerability from cvelistv5 – Published: 2020-04-17 17:53 – Updated: 2024-08-04 09:18

Summary

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.

Severity ?

No CVSS data available.

CWE

Integer overflow vulnerability

Assigner

autodesk

References

URL

Tags

https://www.autodesk.com/trust/security-advisorie…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Autodesk FBX-SDK	Affected: 2019.0 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk FBX-SDK",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2019.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer overflow vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-17T17:53:07",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2020-7083",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk FBX-SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019.0 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer overflow vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2020-7083",
    "datePublished": "2020-04-17T17:53:07",
    "dateReserved": "2020-01-15T00:00:00",
    "dateUpdated": "2024-08-04T09:18:03.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7083\",\"sourceIdentifier\":\"psirt@autodesk.com\",\"published\":\"2020-04-17T18:15:12.117\",\"lastModified\":\"2024-11-21T05:36:37.763\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de desbordamiento de enteros en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a una denegaci\u00f3n de servicio de la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2019.0\",\"matchCriteriaId\":\"EADE790E-9DE7-441A-9140-44B9EE972DD1\"}]}]}],\"references\":[{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2020-26855

Vulnerability from cnvd - Published: 2020-05-07

Title

Autodesk FBX-SDK拒绝服务漏洞（CNVD-2020-26855）

Description

Autodesk FBX-SDK是美国欧特克（Autodesk）公司的一款C++软件开发平台和API工具包，它主要用于将现有内容转换为FBX格式。 Autodesk FBX-SDK 2019.0及之前版本中存在安全漏洞。攻击者可利用该漏洞导致拒绝服务。

Severity

中

Patch Name

Autodesk FBX-SDK拒绝服务漏洞（CNVD-2020-26855）的补丁

Patch Description

Autodesk FBX-SDK是美国欧特克（Autodesk）公司的一款C++软件开发平台和API工具包，它主要用于将现有内容转换为FBX格式。 Autodesk FBX-SDK 2019.0及之前版本中存在安全漏洞。攻击者可利用该漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7083

Impacted products

Name
Autodesk FBX-SDK <=2019.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7083"
    }
  },
  "description": "Autodesk FBX-SDK\u662f\u7f8e\u56fd\u6b27\u7279\u514b\uff08Autodesk\uff09\u516c\u53f8\u7684\u4e00\u6b3eC++\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\u548cAPI\u5de5\u5177\u5305\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u5c06\u73b0\u6709\u5185\u5bb9\u8f6c\u6362\u4e3aFBX\u683c\u5f0f\u3002\n\nAutodesk FBX-SDK 2019.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-26855",
  "openTime": "2020-05-07",
  "patchDescription": "Autodesk FBX-SDK\u662f\u7f8e\u56fd\u6b27\u7279\u514b\uff08Autodesk\uff09\u516c\u53f8\u7684\u4e00\u6b3eC++\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\u548cAPI\u5de5\u5177\u5305\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u5c06\u73b0\u6709\u5185\u5bb9\u8f6c\u6362\u4e3aFBX\u683c\u5f0f\u3002\r\n\r\nAutodesk FBX-SDK 2019.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Autodesk FBX-SDK\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-26855\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Autodesk FBX-SDK \u003c=2019.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7083",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-20",
  "title": "Autodesk FBX-SDK\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-26855\uff09"
}

GHSA-37CC-5CQG-XX92

Vulnerability from github – Published: 2022-05-24 17:15 – Updated: 2022-05-24 17:15

Details

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7083"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-17T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.",
  "id": "GHSA-37cc-5cqg-xx92",
  "modified": "2022-05-24T17:15:45Z",
  "published": "2022-05-24T17:15:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7083"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2020-7083

Vulnerability from fkie_nvd - Published: 2020-04-17 18:15 - Updated: 2024-11-21 05:36

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.

References

	URL	Tags
	psirt@autodesk.com	https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002	Vendor Advisory

Impacted products

	Vendor	Product	Version
	autodesk	fbx_software_development_kit	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADE790E-9DE7-441A-9140-44B9EE972DD1",
              "versionEndIncluding": "2019.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desbordamiento de enteros en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a una denegaci\u00f3n de servicio de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2020-7083",
  "lastModified": "2024-11-21T05:36:37.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-17T18:15:12.117",
  "references": [
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
    }
  ],
  "sourceIdentifier": "psirt@autodesk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2020-ALE-011

Vulnerability from certfr_alerte - Published: 2020-04-22 - Updated: 2020-06-23

Le 21 avril 2020, Microsoft a publié un avis de sécurité annonçant la sortie d'un correctif pour multiples vulnérabilités affectant ses produits qui utilisent la bibliothèque Autodesk FBX.

Ces vulnérabilités permettent à un attaquant d'exécuter du code arbitraire à distance si un utilisateur ouvre un fichier spécialement conçu comprenant du contenu 3D.

Le CERT-FR recommande l'application des correctifs dans les plus brefs délais.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Microsoft annonce qu'il n'existe pas de mesure de contournement pour ces vulnérabilités.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Office 365 ProPlus pour systèmes 32 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Office 365 ProPlus pour systèmes 64 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Paint 3D
Microsoft	Office	Microsoft Office 2016 Click-to-Run (C2R) pour éditions 64 bits
Microsoft	Office	Microsoft Office 2016 Click-to-Run (C2R) pour éditions 32 bits

References

Title

Publication Time

Tags

Bulletin de sécurité Autodesk adsk-sa-2020-0002 du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Microsoft ADV200004 du 21 avril 2020	None	vendor-advisory
Avis CERT-FR CERTFR-2020-AVI-236 du 22 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Office 365 ProPlus pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 365 ProPlus pour syst\u00e8mes 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Paint 3D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 Click-to-Run (C2R) pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 Click-to-Run (C2R) pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2020-06-23",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nMicrosoft annonce qu\u0027il n\u0027existe pas de mesure de contournement pour ces\nvuln\u00e9rabilit\u00e9s.\n",
  "cves": [
    {
      "name": "CVE-2020-7085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7085"
    },
    {
      "name": "CVE-2020-7082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7082"
    },
    {
      "name": "CVE-2020-7081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7081"
    },
    {
      "name": "CVE-2020-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7083"
    },
    {
      "name": "CVE-2020-7080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7080"
    },
    {
      "name": "CVE-2020-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7084"
    }
  ],
  "initial_release_date": "2020-04-22T00:00:00",
  "last_revision_date": "2020-06-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-ALE-011",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-22T00:00:00.000000"
    },
    {
      "description": "Correction de la date du bulletin de s\u00e9curit\u00e9 Autodesk",
      "revision_date": "2020-04-23T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. La cl\u00f4ture d\u0027une alerte ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2020-06-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 21 avril 2020, Microsoft a publi\u00e9 un avis de s\u00e9curit\u00e9 annon\u00e7ant la\nsortie d\u0027un correctif pour multiples vuln\u00e9rabilit\u00e9s affectant ses\nproduits qui utilisent la biblioth\u00e8que Autodesk FBX.\n\nCes vuln\u00e9rabilit\u00e9s permettent \u00e0 un attaquant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance si un utilisateur ouvre un fichier\u00a0sp\u00e9cialement\ncon\u00e7u comprenant du contenu\u00a03D.\n\nLe CERT-FR recommande l\u0027application des correctifs dans les plus brefs\nd\u00e9lais.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft qui utilisent la biblioth\u00e8que Autodesk FBX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Autodesk adsk-sa-2020-0002 du 15 avril 2020",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV200004 du 21 avril 2020",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/advisory/ADV200004"
    },
    {
      "published_at": null,
      "title": "Avis CERT-FR CERTFR-2020-AVI-236 du 22 avril 2020",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-236/"
    }
  ]
}

GSD-2020-7083

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.

Aliases

CVE-2020-7083

Aliases

CVE-2020-7083

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7083",
    "description": "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.",
    "id": "GSD-2020-7083"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7083"
      ],
      "details": "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.",
      "id": "GSD-2020-7083",
      "modified": "2023-12-13T01:21:52.255469Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@autodesk.com",
        "ID": "CVE-2020-7083",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Autodesk FBX-SDK",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2019.0 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Integer overflow vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002",
            "refsource": "MISC",
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2019.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2020-7083"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-04-23T13:40Z",
      "publishedDate": "2020-04-17T18:15Z"
    }
  }
}

CERTFR-2020-AVI-236

Vulnerability from certfr_avis - Published: 2020-04-22 - Updated: 2020-04-23

De multiples vulnérabilités ont été découvertes dans les produits Microsoft qui utilisent la bibliothèque Autodesk FBX. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Office 365 ProPlus pour systèmes 32 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Office 365 ProPlus pour systèmes 64 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Paint 3D
Microsoft	Office	Microsoft Office 2016 Click-to-Run (C2R) pour éditions 64 bits
Microsoft	Office	Microsoft Office 2016 Click-to-Run (C2R) pour éditions 32 bits

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft ADV200004 du 21 avril 2020	None	vendor-advisory
Bulletin de sécurité Autodesk adsk-sa-2020-0002 du 15 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Office 365 ProPlus pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 365 ProPlus pour syst\u00e8mes 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Paint 3D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 Click-to-Run (C2R) pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 Click-to-Run (C2R) pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7085"
    },
    {
      "name": "CVE-2020-7081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7081"
    },
    {
      "name": "CVE-2020-7082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7082"
    },
    {
      "name": "CVE-2020-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7083"
    },
    {
      "name": "CVE-2020-7080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7080"
    },
    {
      "name": "CVE-2020-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7084"
    }
  ],
  "initial_release_date": "2020-04-22T00:00:00",
  "last_revision_date": "2020-04-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-236",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-22T00:00:00.000000"
    },
    {
      "description": "Correction de la date du bulletin de s\u00e9curit\u00e9 Autodesk",
      "revision_date": "2020-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMicrosoft qui utilisent la biblioth\u00e8que Autodesk FBX. Elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft qui utilisent la biblioth\u00e8que Autodesk FBX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV200004 du 21 avril 2020",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/advisory/ADV200004"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Autodesk adsk-sa-2020-0002 du 15 avril 2020",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7083 (GCVE-0-2020-7083)

CNVD-2020-26855

GHSA-37CC-5CQG-XX92

FKIE_CVE-2020-7083

CERTFR-2020-ALE-011

Solution

Contournement provisoire

GSD-2020-7083

CERTFR-2020-AVI-236

Solution

Tags

Sightings

Nomenclature