CVE-2021-40158 — Out-of-bounds Read in Advance Steel

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 36.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Advance Steel Autodesk Autocad Autodesk Autocad Architecture +8 more

Timeline

PublishedJan 25

Latest updateFeb 11

Description

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

▶NVDautodesk/autocad2022 — 2022.1.2

▶NVDautodesk/inventor2022 — 2022.2+3

▶NVDautodesk/autocad_lt2022 — 2022.1.2

▶NVDautodesk/autocad_mep2022 — 2022.1.2

▶NVDautodesk/autocad_map_3d2022 — 2022.1.2

🔴Vulnerability Details

GHSA

GHSA-8pc8-96q3-294c: A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file↗2022-02-11

▶

CVEList

CVE-2021-40158: A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when pars↗2022-01-25

▶