CVE-2022-2947 - OpenCVE

Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Altair	Hyperview Player

Configuration 1 [-]

cpe:2.3:a:altair:hyperview_player:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-12-13T20:31:17.649Z

Updated: 2024-08-03T00:53:00.502Z

Reserved: 2022-08-22T19:29:14.234Z

Link: CVE-2022-2947

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-13T21:15:11.343

Modified: 2023-11-07T03:47:07.230

Link: CVE-2022-2947

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2947", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a", "dateReserved": "2022-08-22T19:29:14.234Z", "datePublished": "2022-12-13T20:31:17.649Z", "dateUpdated": "2024-08-03T00:53:00.502Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HyperView Player", "vendor": "Altair", "versions": [{"lessThanOrEqual": "2021.1.0.27", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tran Van Khang of VinCSS working with Trend Micro Zero Day Initiative (ZDI) reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Altair HyperView Player</span> versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.</p>\n\n"}], "value": "\n\n\nAltair HyperView Player\u00a0versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-12-13T20:31:17.649Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Mitigation measures have been added to the latest version of </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://altairone.com/Marketplace?queryText=HyperView&app=HyperWorks&tab=Info\">HyperView Player v2022.1</a><span style=\"background-color: rgb(255, 255, 255);\">. Altair One recommends users apply the update to mitigate these vulnerabilities.</span>\n\n<br>"}], "value": "\nMitigation measures have been added to the latest version of HyperView Player v2022.1 https://altairone.com/Marketplace . Altair One recommends users apply the update to mitigate these vulnerabilities.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:53:00.502Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:altair:hyperview_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AB19D33-042C-437F-9872-73769D79311C", "versionEndIncluding": "2021.1.0.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\nAltair HyperView Player\u00a0versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.\n\n\n\n"}, {"lang": "es", "value": "Las versiones 2021.1.0.27 y anteriores de Altair HyperView Player realizan operaciones en un b\u00fafer de memoria, pero pueden leer o escribir en una ubicaci\u00f3n de memoria fuera del l\u00edmite previsto del b\u00fafer. Inicialmente, esto se considera una violaci\u00f3n del acceso de lectura, lo que lleva a una situaci\u00f3n de corrupci\u00f3n de la memoria."}], "id": "CVE-2022-2947", "lastModified": "2023-11-07T03:47:07.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-12-13T21:15:11.343", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}