{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2763", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2023-05-17T15:42:24.664Z", "datePublished": "2023-07-12T07:05:33.333Z", "dateUpdated": "2024-09-05T14:18:20.743Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2024-09-02T08:11:05.503Z"}, "title": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use After Free", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "type": "CWE"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "SOLIDWORKS Desktop", "versions": [{"status": "affected", "version": "Release SOLIDWORKS 2021 Golden", "lessThanOrEqual": "Release SOLIDWORKS 2021 SP5.1", "versionType": "custom"}, {"status": "affected", "version": "Release SOLIDWORKS 2022 Golden", "lessThanOrEqual": "Release SOLIDWORKS 2022 SP5", "versionType": "custom"}, {"status": "affected", "version": "Release SOLIDWORKS 2023 Golden", "lessThanOrEqual": "Release SOLIDWORKS 2023 SP2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file."}]}], "references": [{"url": "https://www.3ds.com/vulnerability/advisories"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "credits": [{"lang": "en", "value": "Mat Powell from Trend Micro's Zero Day Initiative", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.467Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T14:17:47.900906Z", "id": "CVE-2023-2763", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T14:18:20.743Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.467Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2763", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-05T14:17:47.900906Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T14:18:14.744Z"}}], "cna": {"title": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mat Powell from Trend Micro's Zero Day Initiative"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "SOLIDWORKS Desktop", "versions": [{"status": "affected", "version": "Release SOLIDWORKS 2021 Golden", "versionType": "custom", "lessThanOrEqual": "Release SOLIDWORKS 2021 SP5.1"}, {"status": "affected", "version": "Release SOLIDWORKS 2022 Golden", "versionType": "custom", "lessThanOrEqual": "Release SOLIDWORKS 2022 SP5"}, {"status": "affected", "version": "Release SOLIDWORKS 2023 Golden", "versionType": "custom", "lessThanOrEqual": "Release SOLIDWORKS 2023 SP2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.3ds.com/vulnerability/advisories"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.", "supportingMedia": [{"type": "text/html", "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2024-09-02T08:11:05.503Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2763", "state": "PUBLISHED", "dateUpdated": "2024-09-05T14:18:20.743Z", "dateReserved": "2023-05-17T15:42:24.664Z", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "datePublished": "2023-07-12T07:05:33.333Z", "assignerShortName": "3DS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEDAD2EF-39E2-4F55-ADCD-8B7FBFA2E2AA", "versionEndIncluding": "2023", "versionStartIncluding": "2021", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file."}], "id": "CVE-2023-2763", "lastModified": "2024-11-21T07:59:14.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-12T08:15:10.010", "references": [{"source": "3DS.Information-Security@3ds.com", "tags": ["Vendor Advisory"], "url": "https://www.3ds.com/vulnerability/advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.3ds.com/vulnerability/advisories"}], "sourceIdentifier": "3DS.Information-Security@3ds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-787"}], "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}