CVE-2023-38532

CWE-770 — Allocation without Limits3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.0%

top 85.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Parasolid V34.1 Siemens Parasolid V35.0 Siemens Parasolid V35.1 +5 more

Timeline

PublishedAug 8

Description

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause de…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages8 packages

▶NVDsiemens/teamcenter_visualization14.1 — 14.1.0.11+2

▶CVEListV5siemens/teamcenter_visualization_v14.1< V14.1.0.11

▶CVEListV5siemens/teamcenter_visualization_v14.2< V14.2.0.6

▶CVEListV5siemens/teamcenter_visualization_v14.3< V14.3.0.3

▶NVDsiemens/parasolid34.1 — 34.1.258+2

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-vpcq-345r-vgx9: A vulnerability has been identified in Parasolid V34↗2023-08-08

▶

CVEList

CVE-2023-38532: A vulnerability has been identified in Parasolid V34↗2023-08-08

▶