CVE-2023-25005

Опубликовано: 12 мая 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.

Ссылки

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006
Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*

Версия от 2021.0 (включая) до 2021.2 (исключая)

cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*

Версия от 2023.0 (включая) до 2023.1 (исключая)

cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_3:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_4:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_5:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_6:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_7:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_8:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_9:*:*:*:*:*:*

cpe:2.3:a:autodesk:infraworks:2023.1:-:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00079

Низкий

7.8 High

CVSS3

Дефекты

CWE-427

Связанные уязвимости

GHSA-fvwx-63p4-jv5q