CVE-2021-27043

CWE-787Out-of-bounds WriteCWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
7.8HIGH
EPSS
0.2%
top 55.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Autodesk Advance SteelAutodesk AutocadAutodesk Autocad Architecture+8 more
Timeline
PublishedJun 25
Latest updateMay 24

Description

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

NVDautodesk/autocad20192019.1.3+3
NVDautodesk/civil_3d20192019.1.3+3
NVDautodesk/autocad_lt20192019.1.3+3
NVDautodesk/autocad_mep20192019.1.3+3
NVDautodesk/dwg_trueview20222022.1.1

🔴Vulnerability Details

2
GHSA
GHSA-vwxh-hr5c-v523: An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths2022-05-24
CVEList
CVE-2021-27043: An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths2021-06-25
CVE-2021-27043 (HIGH CVSS 7.8) | An Arbitrary Address Write issue in | cvebase.io