CVE-2022-2951 - OpenCVE

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Altair	Hyperview Player

Configuration 1 [-]

cpe:2.3:a:altair:hyperview_player:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-12-13T20:27:48.693Z

Updated: 2024-08-03T00:53:00.516Z

Reserved: 2022-08-22T19:31:43.879Z

Link: CVE-2022-2951

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-13T21:15:11.587

Modified: 2023-11-07T03:47:08.130

Link: CVE-2022-2951

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2951", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a", "dateReserved": "2022-08-22T19:31:43.879Z", "datePublished": "2022-12-13T20:27:48.693Z", "dateUpdated": "2024-08-03T00:53:00.516Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HyperView Player", "vendor": "Altair", "versions": [{"lessThanOrEqual": "2021.1.0.27", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tran Van Khang of VinCSS working with Trend Micro Zero Day Initiative (ZDI) reported these vulnerabilities to CISA"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Altair HyperView Player</span><span style=\"background-color: rgb(255, 255, 255);\"> versions 2021.1.0.27 and prior</span><span style=\"background-color: rgb(255, 255, 255);\"> ar</span><span style=\"background-color: rgb(255, 255, 255);\">e <span style=\"background-color: rgb(255, 255, 255);\">vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption.</span></span>\n\n<br></p>\n\n"}], "value": "\n\n\nAltair HyperView Player\u00a0versions 2021.1.0.27 and prior\u00a0are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption.\n\n\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-12-13T20:27:48.693Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Mitigation measures have been added to the latest version of </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://altairone.com/Marketplace?queryText=HyperView&app=HyperWorks&tab=Info\">HyperView Player v2022.1</a><span style=\"background-color: rgb(255, 255, 255);\">. Altair One recommends users apply the update to mitigate these vulnerabilities.</span>\n\n<br>"}], "value": "\nMitigation measures have been added to the latest version of HyperView Player v2022.1 https://altairone.com/Marketplace . Altair One recommends users apply the update to mitigate these vulnerabilities.\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:53:00.516Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:altair:hyperview_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AB19D33-042C-437F-9872-73769D79311C", "versionEndIncluding": "2021.1.0.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\nAltair HyperView Player\u00a0versions 2021.1.0.27 and prior\u00a0are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption.\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Las versiones 2021.1.0.27 y anteriores de Altair HyperView Player son vulnerables a una validaci\u00f3n incorrecta de la vulnerabilidad del \u00edndice de matriz durante el procesamiento de archivos H3D. Se extrae un valor DWORD de un archivo PoC y se utiliza como \u00edndice para escribir a un b\u00fafer, lo que provoca da\u00f1os en la memoria."}], "id": "CVE-2022-2951", "lastModified": "2023-11-07T03:47:08.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-12-13T21:15:11.587", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}