CVE-2022-2950 - OpenCVE

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Altair	Hyperview Player

Configuration 1 [-]

cpe:2.3:a:altair:hyperview_player:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-12-13T20:29:03.353Z

Updated: 2024-08-03T00:52:59.825Z

Reserved: 2022-08-22T19:31:09.323Z

Link: CVE-2022-2950

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-13T21:15:11.510

Modified: 2023-11-07T03:47:07.890

Link: CVE-2022-2950

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2950", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a", "dateReserved": "2022-08-22T19:31:09.323Z", "datePublished": "2022-12-13T20:29:03.353Z", "dateUpdated": "2024-08-03T00:52:59.825Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HyperView Player", "vendor": "Altair", "versions": [{"lessThanOrEqual": "2021.1.0.27", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tran Van Khang of VinCSS working with Trend Micro Zero Day Initiative (ZDI) reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Altair HyperView Player</span> versions 2021.1.0.27 and prior ar<span style=\"background-color: rgb(255, 255, 255);\">e vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.</span>\n\n</p>\n\n"}], "value": "\n\n\nAltair HyperView Player\u00a0versions 2021.1.0.27 and prior\u00a0are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.\n\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-12-13T20:29:03.353Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Mitigation measures have been added to the latest version of </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://altairone.com/Marketplace?queryText=HyperView&app=HyperWorks&tab=Info\">HyperView Player v2022.1</a><span style=\"background-color: rgb(255, 255, 255);\">. Altair One recommends users apply the update to mitigate these vulnerabilities.</span>\n\n<br>"}], "value": "\nMitigation measures have been added to the latest version of HyperView Player v2022.1 https://altairone.com/Marketplace . Altair One recommends users apply the update to mitigate these vulnerabilities.\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:52:59.825Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:altair:hyperview_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AB19D33-042C-437F-9872-73769D79311C", "versionEndIncluding": "2021.1.0.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\nAltair HyperView Player\u00a0versions 2021.1.0.27 and prior\u00a0are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.\n\n\n\n\n\n"}, {"lang": "es", "value": "Las versiones 2021.1.0.27 y anteriores de Altair HyperView Player son afectados por el uso de una vulnerabilidad de memoria no inicializada durante el an\u00e1lisis de archivos H3D. Un DWORD se extrae de un b\u00fafer no inicializado y, despu\u00e9s de la extensi\u00f3n del signo, se utiliza como \u00edndice en una variable de pila para incrementar un contador que provoca da\u00f1os en la memoria."}], "id": "CVE-2022-2950", "lastModified": "2023-11-07T03:47:07.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-12-13T21:15:11.510", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}