CVE-2021-43273

{"id": "CVE-2021-43273", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2021-11-14T21:15:07.900", "references": [{"url": "https://www.opendesign.com/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1281/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1291/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1351/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1357/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en el procedimiento de lectura de archivos DGN en Open Design Alliance Drawings SDK versiones anteriores a 2022.11. Los datos dise\u00f1ados en un archivo DGN y la falta de verificaci\u00f3n de los datos de entrada pueden desencadenar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"}], "lastModified": "2021-11-30T20:23:13.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5DAE0CA-FFA9-4478-B94C-DBA07C49E54E", "versionEndExcluding": "2022.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}