Common Weakness Enumeration

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CVE-2024-21640 (GCVE-0-2024-21640)

Vulnerability from cvelistv5 – Published: 2024-01-13 07:40 – Updated: 2025-06-17 21:09
VLAI
Title
OOB Access in CefVideoConsumerOSR::OnFrameCaptured
Summary
Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.
Severity
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
chromiumembedded cef Affected: < commit 1f55d2e
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh"
          },
          {
            "name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21640",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-16T16:19:20.541192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:09:22.073Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cef",
          "vendor": "chromiumembedded",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c commit 1f55d2e"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-13T07:40:10.324Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh"
        },
        {
          "name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"
        }
      ],
      "source": {
        "advisory": "GHSA-3h3j-38xq-v7hh",
        "discovery": "UNKNOWN"
      },
      "title": "OOB Access in CefVideoConsumerOSR::OnFrameCaptured"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-21640",
    "datePublished": "2024-01-13T07:40:10.324Z",
    "dateReserved": "2023-12-29T03:00:44.957Z",
    "dateUpdated": "2025-06-17T21:09:22.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21920 (GCVE-0-2024-21920)

Vulnerability from cvelistv5 – Published: 2024-03-26 15:48 – Updated: 2024-08-06 18:02
VLAI
Title
Rockwell Automation Arena Simulation Vulnerable To Buffer Overflow
Summary
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Severity
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Rockwell Automation Arena Simulation Affected: Version 16.00 - 16.20.02
Create a notification for this product.
Date Public
2024-03-26 14:00
Credits
Michael Heinzl
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21920",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T18:02:20.851838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:02:34.744Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Arena Simulation",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "Version 16.00 - 16.20.02"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michael Heinzl"
        }
      ],
      "datePublic": "2024-03-26T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
            }
          ],
          "value": "\n\n\nA memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-26T15:48:59.735Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rockwell Automation Arena Simulation Vulnerable To Buffer Overflow",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cul\u003e\u003cli\u003eDo not open untrusted files from unknown sources.\u003c/li\u003e\u003cli\u003eFor information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best practices\u003c/a\u003e\u0026nbsp;to minimize the risk of the vulnerability.\u003c/li\u003e\u003c/ul\u003e\n\n"
            }
          ],
          "value": "\n  *  Do not open untrusted files from unknown sources.\n  *  For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested  security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability.\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-21920",
    "datePublished": "2024-03-26T15:48:59.735Z",
    "dateReserved": "2024-01-03T16:40:50.368Z",
    "dateUpdated": "2024-08-06T18:02:34.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21950 (GCVE-0-2024-21950)

Vulnerability from cvelistv5 – Published: 2026-05-15 03:00 – Updated: 2026-05-15 11:12
VLAI
Summary
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.
Severity
1.8 (Low)
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
AMD
References
Impacted products
Date Public
2026-05-15 03:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T11:12:24.735247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T11:12:35.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122  MI300X",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122  MI300A",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122  MI325X",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122  MI308X",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        }
      ],
      "datePublic": "2026-05-15T03:00:09.088Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.\u003cbr\u003e"
            }
          ],
          "value": "An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125  Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T03:00:25.843Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-21950",
    "datePublished": "2026-05-15T03:00:25.843Z",
    "dateReserved": "2024-01-03T16:43:21.323Z",
    "dateUpdated": "2026-05-15T11:12:35.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-22004 (GCVE-0-2024-22004)

Vulnerability from cvelistv5 – Published: 2024-04-05 18:03 – Updated: 2024-08-01 22:35
VLAI
Title
Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read
Summary
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application
Severity
10 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Google Nest Wifi Pro Affected: v11
Create a notification for this product.
google nest_wifi_pro_firmware Affected: 11
    cpe:2.3:o:google:nest_wifi_pro_firmware:11:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:google:nest_wifi_pro_firmware:11:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nest_wifi_pro_firmware",
            "vendor": "google",
            "versions": [
              {
                "status": "affected",
                "version": "11"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T15:53:35.353686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T15:55:01.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.google.com/product-documentation/answer/14580222?hl=en\u0026ref_topic=12974021\u0026sjid=10751611047462550096-NA"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nest Wifi Pro",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "v11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ememory from the Trusted Application\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure\u00a0memory from the Trusted Application\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-456",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-456 Infected Memory"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-05T18:03:23.151Z",
        "orgId": "83238938-5644-45f0-9007-c0392bcf6222",
        "shortName": "Google_Devices"
      },
      "references": [
        {
          "url": "https://support.google.com/product-documentation/answer/14580222?hl=en\u0026ref_topic=12974021\u0026sjid=10751611047462550096-NA"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
    "assignerShortName": "Google_Devices",
    "cveId": "CVE-2024-22004",
    "datePublished": "2024-04-05T18:03:23.151Z",
    "dateReserved": "2024-01-03T21:00:57.455Z",
    "dateUpdated": "2024-08-01T22:35:34.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22040 (GCVE-0-2024-22040)

Vulnerability from cvelistv5 – Published: 2024-03-12 10:21 – Updated: 2025-12-16 18:13
VLAI
Summary
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Siemens Cerberus PRO EN Engineering Tool Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Cerberus PRO EN Fire Panel FC72x IP6 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Cerberus PRO EN Fire Panel FC72x IP7 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Cerberus PRO EN Fire Panel FC72x IP8 Affected: 0 , < IP8 SR4 (custom)
Create a notification for this product.
Siemens Cerberus PRO EN X200 Cloud Distribution IP7 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Cerberus PRO EN X200 Cloud Distribution IP8 Affected: 0 , < V4.3.5618 (custom)
Create a notification for this product.
Siemens Cerberus PRO EN X300 Cloud Distribution IP7 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Cerberus PRO EN X300 Cloud Distribution IP8 Affected: 0 , < V4.3.5617 (custom)
Create a notification for this product.
Siemens Cerberus PRO UL Compact Panel FC922/924 Affected: 0 , < MP4 (custom)
Create a notification for this product.
Siemens Cerberus PRO UL Engineering Tool Affected: 0 , < MP4 (custom)
Create a notification for this product.
Siemens Cerberus PRO UL X300 Cloud Distribution Affected: 0 , < V4.3.0001 (custom)
Create a notification for this product.
Siemens Desigo Fire Safety UL Compact Panel FC2025/2050 Affected: 0 , < MP4 (custom)
Create a notification for this product.
Siemens Desigo Fire Safety UL Engineering Tool Affected: 0 , < MP4 (custom)
Create a notification for this product.
Siemens Desigo Fire Safety UL X300 Cloud Distribution Affected: 0 , < V4.3.0001 (custom)
Create a notification for this product.
Siemens Sinteso FS20 EN Engineering Tool Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Sinteso FS20 EN Fire Panel FC20 MP6 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Sinteso FS20 EN Fire Panel FC20 MP7 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Sinteso FS20 EN Fire Panel FC20 MP8 Affected: 0 , < MP8 SR4 (custom)
Create a notification for this product.
Siemens Sinteso FS20 EN X200 Cloud Distribution MP7 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Sinteso FS20 EN X200 Cloud Distribution MP8 Affected: 0 , < V4.3.5618 (custom)
Create a notification for this product.
Siemens Sinteso FS20 EN X300 Cloud Distribution MP7 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Sinteso FS20 EN X300 Cloud Distribution MP8 Affected: 0 , < V4.3.5617 (custom)
Create a notification for this product.
Siemens Sinteso Mobile Affected: 0 , < * (custom)
Create a notification for this product.
siemens cerberus_pro_en_engineering_tool Affected: -
    cpe:2.3:a:siemens:cerberus_pro_en_engineering_tool:-:*:*:*:*:*:*:*
 Create a notification for this product.
siemens cerberus_pro_en_fire_panel_fc72x Affected: -
    cpe:2.3:a:siemens:cerberus_pro_en_fire_panel_fc72x:-:*:*:*:*:*:*:*
 Create a notification for this product.
siemens cerberus_pro_en_x300_cloud_distribution Affected: -
    cpe:2.3:a:siemens:cerberus_pro_en_x300_cloud_distribution:-:*:*:*:*:*:*:*
 Create a notification for this product.
siemens cerberus_pro_ul_compact_panel Affected: *
    cpe:2.3:a:siemens:cerberus_pro_ul_compact_panel:*:*:*:*:*:*:*:*
 Create a notification for this product.
siemens cerberus_pro_en_x200_cloud_distribution Affected: -
    cpe:2.3:a:siemens:cerberus_pro_en_x200_cloud_distribution:-:*:*:*:*:*:*:*
 Create a notification for this product.
siemens cerberus_pro_ul_engineering_tool Affected: *
    cpe:2.3:a:siemens:cerberus_pro_ul_engineering_tool:*:*:*:*:*:*:*:*
 Create a notification for this product.
siemens cerberus_pro_ul_x300_cloud Affected: *
    cpe:2.3:a:siemens:cerberus_pro_ul_x300_cloud:*:*:*:*:*:*:*:*
 Create a notification for this product.
siemens desigo_fire_safety_ul_compact_panel Affected: 0 , < mp4 (custom)
    cpe:2.3:a:siemens:desigo_fire_safety_ul_compact_panel:*:*:*:*:*:*:*:*
 Create a notification for this product.
siemens desigo_fire_safety_ul_engineering_tool Affected: 0 , < v4.3.0001 (custom)
    cpe:2.3:a:siemens:desigo_fire_safety_ul_engineering_tool:*:*:*:*:*:*:*:*
 Create a notification for this product.
siemens sinteso_fs20_en_fire_panel_fc20 Affected: -
    cpe:2.3:a:siemens:sinteso_fs20_en_fire_panel_fc20:-:*:*:*:*:*:*:*
 Create a notification for this product.
siemens sinteso_fs20_en_x200_cloud_distribution Affected: *
    cpe:2.3:a:siemens:sinteso_fs20_en_x200_cloud_distribution:*:*:*:*:*:*:*:*
 Create a notification for this product.
siemens sinteso_fs20_en_x300_cloud_distribution Affected: *
    cpe:2.3:a:siemens:sinteso_fs20_en_x300_cloud_distribution:*:*:*:*:*:*:*:*
 Create a notification for this product.
siemens sinteso_mobile Affected: *
    cpe:2.3:a:siemens:sinteso_mobile:*:*:*:*:*:*:*:*
 Create a notification for this product.
siemens sinteso_fs20_en_engineering_tool Affected: *
    cpe:2.3:a:siemens:sinteso_fs20_en_engineering_tool:*:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:cerberus_pro_en_engineering_tool:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cerberus_pro_en_engineering_tool",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:cerberus_pro_en_fire_panel_fc72x:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cerberus_pro_en_fire_panel_fc72x",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:cerberus_pro_en_x300_cloud_distribution:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cerberus_pro_en_x300_cloud_distribution",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:cerberus_pro_ul_compact_panel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cerberus_pro_ul_compact_panel",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:cerberus_pro_en_x200_cloud_distribution:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cerberus_pro_en_x200_cloud_distribution",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:cerberus_pro_ul_engineering_tool:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cerberus_pro_ul_engineering_tool",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:cerberus_pro_ul_x300_cloud:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cerberus_pro_ul_x300_cloud",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:desigo_fire_safety_ul_compact_panel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "desigo_fire_safety_ul_compact_panel",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "mp4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:desigo_fire_safety_ul_engineering_tool:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "desigo_fire_safety_ul_engineering_tool",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v4.3.0001",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinteso_fs20_en_fire_panel_fc20:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinteso_fs20_en_fire_panel_fc20",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinteso_fs20_en_x200_cloud_distribution:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinteso_fs20_en_x200_cloud_distribution",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinteso_fs20_en_x300_cloud_distribution:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinteso_fs20_en_x300_cloud_distribution",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinteso_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinteso_mobile",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinteso_fs20_en_engineering_tool:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinteso_fs20_en_engineering_tool",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22040",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T04:00:57.470187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T18:13:22.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO EN Engineering Tool",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO EN Fire Panel FC72x IP6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO EN Fire Panel FC72x IP7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO EN Fire Panel FC72x IP8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "IP8 SR4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO EN X200 Cloud Distribution IP7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO EN X200 Cloud Distribution IP8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.5618",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO EN X300 Cloud Distribution IP7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO EN X300 Cloud Distribution IP8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.5617",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO UL Compact Panel FC922/924",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "MP4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO UL Engineering Tool",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "MP4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cerberus PRO UL X300 Cloud Distribution",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.0001",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Desigo Fire Safety UL Compact Panel FC2025/2050",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "MP4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Desigo Fire Safety UL Engineering Tool",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "MP4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Desigo Fire Safety UL X300 Cloud Distribution",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.0001",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso FS20 EN Engineering Tool",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso FS20 EN Fire Panel FC20 MP6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso FS20 EN Fire Panel FC20 MP7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso FS20 EN Fire Panel FC20 MP8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "MP8 SR4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso FS20 EN X200 Cloud Distribution MP7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso FS20 EN X200 Cloud Distribution MP8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.5618",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso FS20 EN X300 Cloud Distribution MP7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso FS20 EN X300 Cloud Distribution MP8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.5617",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Sinteso Mobile",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions \u003c IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions \u003c V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions \u003c V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions \u003c MP4), Cerberus PRO UL Engineering Tool (All versions \u003c MP4), Cerberus PRO UL X300 Cloud Distribution (All versions \u003c V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions \u003c MP4), Desigo Fire Safety UL Engineering Tool (All versions \u003c MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions \u003c V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions \u003c MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions \u003c V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions \u003c V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread.\r\nThis could allow an unauthenticated remote attacker to crash the network service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T07:23:53.096Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-22040",
    "datePublished": "2024-03-12T10:21:54.934Z",
    "dateReserved": "2024-01-04T13:24:07.552Z",
    "dateUpdated": "2025-12-16T18:13:22.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-22384 (GCVE-0-2024-22384)

Vulnerability from cvelistv5 – Published: 2024-05-16 20:47 – Updated: 2024-08-01 22:43
VLAI
Summary
Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access.
Severity
2.8 (Low)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • information disclosure
  • CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
Vendor Product Version
n/a Intel(R) Trace Analyzer and Collector software Affected: before version 2022.0.0 published Nov 2023
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22384",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T12:41:00.739733Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:52:52.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Trace Analyzer and Collector software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 2022.0.0 published Nov 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T20:47:37.779Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-22384",
    "datePublished": "2024-05-16T20:47:37.779Z",
    "dateReserved": "2024-01-17T04:00:22.746Z",
    "dateUpdated": "2024-08-01T22:43:34.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23140 (GCVE-0-2024-23140)

Vulnerability from cvelistv5 – Published: 2024-06-25 01:01 – Updated: 2025-08-26 20:41
VLAI
Title
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
Summary
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad Affected: 2024
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk advance_steel Affected: 2024
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk civil_3d Affected: 2024
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_architecture Affected: 2024
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_electrical Affected: 2024
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_map_3d Affected: 2024
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_mechanical Affected: 2024
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_mep Affected: 2024
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_plant_3d Affected: 2024
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23140",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:57:54.776746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:41:02.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:28:58.804Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23140",
    "datePublished": "2024-06-25T01:01:56.652Z",
    "dateReserved": "2024-01-11T21:51:08.013Z",
    "dateUpdated": "2025-08-26T20:41:02.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23143 (GCVE-0-2024-23143)

Vulnerability from cvelistv5 – Published: 2024-06-25 02:05 – Updated: 2025-08-26 20:42
VLAI
Title
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
Summary
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Severity
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad Affected: 2024
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk advance_steel Affected: 2024
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk civil_3d Affected: 2024
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_architecture Affected: 2024
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_electrical Affected: 2024
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_map_3d Affected: 2024
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_mechanical Affected: 2024
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_mep Affected: 2024
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad_plant_3d Affected: 2024
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:32:09.443136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:42:33.770Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:36:10.079Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23143",
    "datePublished": "2024-06-25T02:05:33.461Z",
    "dateReserved": "2024-01-11T21:51:08.013Z",
    "dateUpdated": "2025-08-26T20:42:33.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23145 (GCVE-0-2024-23145)

Vulnerability from cvelistv5 – Published: 2024-06-25 02:27 – Updated: 2025-08-26 20:43
VLAI
Title
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
Summary
A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Severity
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk autocad Affected: 2024
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk advance_steel Affected: 2024
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
 Create a notification for this product.
autodesk civil_3d Affected: 2024
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:30:24.476007Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:43:36.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:37:11.829Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23145",
    "datePublished": "2024-06-25T02:27:23.995Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-08-26T20:43:36.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23149 (GCVE-0-2024-23149)

Vulnerability from cvelistv5 – Published: 2024-06-25 02:43 – Updated: 2025-08-26 20:44
VLAI
Title
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
Summary
A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23149",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:18:08.558926Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:44:46.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:40:38.458Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23149",
    "datePublished": "2024-06-25T02:43:08.569Z",
    "dateReserved": "2024-01-11T21:51:21.127Z",
    "dateUpdated": "2025-08-26T20:44:46.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
Mitigation ID: MIT-5

Phase: Implementation

Strategy: Input Validation

Description:

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation

Phase: Architecture and Design

Strategy: Language Selection

Description:

  • Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Back to CWE stats page