CVE-2021-32940

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.1HIGH

EPSS

0.3%

top 48.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opendesign Drawings SDK Siemens Comos Siemens Jt2go +1 more

Timeline

PublishedJun 17

Latest updateMay 24

Description

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages5 packages

▶NVDopendesign/drawings_sdk< 2022.5

▶CVEListV5drawings_sdkAll versions prior to 2022.4

▶NVDsiemens/comos< 10.4.1

▶NVDsiemens/jt2go< 13.2.0.1

▶NVDsiemens/teamcenter_visualization< 13.2.0.1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-83gc-qhg5-655q: An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022↗2022-05-24

▶

CVEList

CVE-2021-32940: An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022↗2021-06-17

▶