diff --git a/cves/2024/8xxx/CVE-2024-8587.json b/cves/2024/8xxx/CVE-2024-8587.json index 3b36b9e6aad7..41f9e5321bac 100644 --- a/cves/2024/8xxx/CVE-2024-8587.json +++ b/cves/2024/8xxx/CVE-2024-8587.json @@ -8,52 +8,105 @@ "assignerShortName": "autodesk", "dateReserved": "2024-09-09T03:01:59.536Z", "datePublished": "2024-10-29T21:03:58.156Z", - "dateUpdated": "2024-12-12T22:26:56.487Z" + "dateUpdated": "2024-12-16T00:07:44.300Z" }, "containers": { "cna": { - "providerMetadata": { - "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", - "shortName": "autodesk", - "dateUpdated": "2024-12-12T22:26:56.487Z" - }, - "problemTypes": [ + "affected": [ + { + "defaultStatus": "unaffected", + "platforms": [ + "Windows" + ], + "product": "AutoCAD", + "vendor": "Autodesk", + "versions": [ + { + "status": "affected", + "version": "2025.1", + "versionType": "cpe" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process." + } + ], + "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process." + } + ], + "impacts": [ { + "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", - "description": "CWE-122 Heap-based Buffer Overflow" + "value": "CAPEC-100 Overflow Buffers" } ] } ], - "affected": [ + "metrics": [ { - "vendor": "Autodesk", - "product": "AutoCAD", - "cpes": [ - "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*" - ], - "versions": [ + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ { - "version": "2025.1", - "status": "affected" + "lang": "en", + "value": "GENERAL" } - ], - "defaultStatus": "unaffected" + ] } ], - "descriptions": [ + "problemTypes": [ { - "lang": "en", - "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process." + "descriptions": [ + { + "cweId": "CWE-122", + "description": "CWE-122 Heap-based Buffer Overflow", + "lang": "en", + "type": "CWE" + } + ] } ], + "providerMetadata": { + "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", + "shortName": "autodesk", + "dateUpdated": "2024-12-16T00:07:44.300Z" + }, "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019" } - ] + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } }, "adp": [ { diff --git a/cves/delta.json b/cves/delta.json index 2b14e43f0df9..193b35c13a24 100644 --- a/cves/delta.json +++ b/cves/delta.json @@ -1,14 +1,14 @@ { - "fetchTime": "2024-12-15T23:26:05.698Z", + "fetchTime": "2024-12-16T00:14:20.621Z", "numberOfChanges": 1, - "new": [ + "new": [], + "updated": [ { - "cveId": "CVE-2024-8798", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8798", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8798.json", - "dateUpdated": "2024-12-15T23:23:31.173Z" + "cveId": "CVE-2024-8587", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8587", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8587.json", + "dateUpdated": "2024-12-16T00:07:44.300Z" } ], - "updated": [], "error": [] } \ No newline at end of file diff --git a/cves/deltaLog.json b/cves/deltaLog.json index a481f64fc39f..fcc7f1e3dbf1 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,18 @@ [ + { + "fetchTime": "2024-12-16T00:14:20.621Z", + "numberOfChanges": 1, + "new": [], + "updated": [ + { + "cveId": "CVE-2024-8587", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8587", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8587.json", + "dateUpdated": "2024-12-16T00:07:44.300Z" + } + ], + "error": [] + }, { "fetchTime": "2024-12-15T23:26:05.698Z", "numberOfChanges": 1,