CVE-2021-32952

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGH
EPSS
0.4%
top 40.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Siemens ComosSiemens Jt2goSiemens Teamcenter Visualization+1 more
Timeline
PublishedJun 17
Latest updateMay 24

Description

An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5drawings_sdkVersion 2022.4 and prior
NVDsiemens/comos< 10.4.1
NVDsiemens/jt2go< 13.2.0.2

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-p368-c945-f4gq: An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 20222022-05-24
CVEList
CVE-2021-32952: An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 20222021-06-17