CVE-2023-5180 - OpenCVE

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opendesign	Drawings Sdk

Configuration 1 [-]

cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.opendesign.com/security-advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: ODA

Published: 2023-12-26T08:35:37.619Z

Updated: 2024-08-02T07:52:07.647Z

Reserved: 2023-09-25T17:08:17.255Z

Link: CVE-2023-5180

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-26T09:15:07.197

Modified: 2024-01-04T15:43:40.260

Link: CVE-2023-5180

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5180", "assignerOrgId": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "state": "PUBLISHED", "assignerShortName": "ODA", "dateReserved": "2023-09-25T17:08:17.255Z", "datePublished": "2023-12-26T08:35:37.619Z", "dateUpdated": "2024-08-02T07:52:07.647Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ODA Drawings SDK - All Versions < 2024.12", "vendor": "Open Design Alliance", "versions": [{"lessThan": "2024.12", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Seyit S\u0131\u011f\u0131rc\u0131"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process."}], "value": "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process."}], "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "To exploit vulnerability, malicious DGN file should be read by ODA Drawings SDK."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "shortName": "ODA", "dateUpdated": "2023-12-26T08:35:40.093Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.opendesign.com/security-advisories"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:07.647Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.opendesign.com/security-advisories"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DFA8267-F3BE-470D-8077-A46EAD298F27", "versionEndExcluding": "2024.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Open Design Alliance\nDrawings SDK before 2024.12. A corrupted value of number\nof sectors used by the Fat structure in a crafted DGN file leads to an\nout-of-bounds write. An attacker can leverage this vulnerability to execute\ncode in the context of the current process."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Open Design Alliance Drawings SDK antes del 2024.12. Un valor corrupto del n\u00famero de sectores utilizados por la estructura Fat en un archivo DGN dise\u00f1ado provoca una escritura fuera de los l\u00edmites. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual."}], "id": "CVE-2023-5180", "lastModified": "2024-01-04T15:43:40.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "type": "Secondary"}]}, "published": "2023-12-26T09:15:07.197", "references": [{"source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "tags": ["Vendor Advisory"], "url": "https://www.opendesign.com/security-advisories"}], "sourceIdentifier": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "type": "Secondary"}]}