Skip to content

Commit

Permalink
1 changes (0 new | 1 updated):
Browse files Browse the repository at this point in the history 
      - 0 new CVEs:
      - 1 updated CVEs: CVE-2024-8587
  • Loading branch information
cvelistV5 Github Action committed Dec 16, 2024
1 parent fa7a0be commit 16f3eb3
Show file tree
Hide file tree
Showing 3 changed files with 97 additions and 30 deletions.
99 changes: 76 additions & 23 deletions cves/2024/8xxx/CVE-2024-8587.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,52 +8,105 @@
"assignerShortName": "autodesk",
"dateReserved": "2024-09-09T03:01:59.536Z",
"datePublished": "2024-10-29T21:03:58.156Z",
"dateUpdated": "2024-12-12T22:26:56.487Z"
"dateUpdated": "2024-12-16T00:07:44.300Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk",
"dateUpdated": "2024-12-12T22:26:56.487Z"
},
"problemTypes": [
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1",
"versionType": "cpe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"description": "CWE-122 Heap-based Buffer Overflow"
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"affected": [
"metrics": [
{
"vendor": "Autodesk",
"product": "AutoCAD",
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
],
"versions": [
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"version": "2025.1",
"status": "affected"
"lang": "en",
"value": "GENERAL"
}
],
"defaultStatus": "unaffected"
]
}
],
"descriptions": [
"problemTypes": [
{
"lang": "en",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk",
"dateUpdated": "2024-12-16T00:07:44.300Z"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
]
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
},
"adp": [
{
Expand Down
14 changes: 7 additions & 7 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
{
"fetchTime": "2024-12-15T23:26:05.698Z",
"fetchTime": "2024-12-16T00:14:20.621Z",
"numberOfChanges": 1,
"new": [
"new": [],
"updated": [
{
"cveId": "CVE-2024-8798",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8798",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8798.json",
"dateUpdated": "2024-12-15T23:23:31.173Z"
"cveId": "CVE-2024-8587",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8587",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8587.json",
"dateUpdated": "2024-12-16T00:07:44.300Z"
}
],
"updated": [],
"error": []
}
14 changes: 14 additions & 0 deletions cves/deltaLog.json
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,18 @@
[
{
"fetchTime": "2024-12-16T00:14:20.621Z",
"numberOfChanges": 1,
"new": [],
"updated": [
{
"cveId": "CVE-2024-8587",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8587",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8587.json",
"dateUpdated": "2024-12-16T00:07:44.300Z"
}
],
"error": []
},
{
"fetchTime": "2024-12-15T23:26:05.698Z",
"numberOfChanges": 1,
Expand Down

0 comments on commit 16f3eb3

Please sign in to comment.