nvd-json-data-feeds/CVE-2024/CVE-2024-18xx/CVE-2024-1848.json

{
  "id": "CVE-2024-1848",
  "sourceIdentifier": "3DS.Information-Security@3ds.com",
  "published": "2024-03-22T11:15:46.633",
  "lastModified": "2024-03-22T12:45:36.130",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.\nThese vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file."
    },
    {
      "lang": "es",
      "value": "Existen vulnerabilidades de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, corrupci\u00f3n de memoria, lectura fuera de los l\u00edmites, escritura fuera de los l\u00edmites, desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, confusi\u00f3n de tipos, variable no inicializada y Use-After-Free vulnerabilidades en el procedimiento de lectura de archivos en SOLIDWORKS Desktop en la versi\u00f3n SOLIDWORKS 2024. Estas vulnerabilidades podr\u00edan permitir a un atacante ejecutar c\u00f3digo arbitrario al abrir un archivo CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B o X_T especialmente manipulado."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "3DS.Information-Security@3ds.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "3DS.Information-Security@3ds.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-416"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        },
        {
          "lang": "en",
          "value": "CWE-843"
        },
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.3ds.com/vulnerability/advisories",
      "source": "3DS.Information-Security@3ds.com"
    }
  ]
}
Auto-Update: 2024-03-22T13:00:38.389982+00:00 2024-03-22 13:03:26 +00:00			`{`
			`"id": "CVE-2024-1848",`
			`"sourceIdentifier": "3DS.Information-Security@3ds.com",`
			`"published": "2024-03-22T11:15:46.633",`
			`"lastModified": "2024-03-22T12:45:36.130",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2024-03-22T13:00:38.389982+00:00 2024-03-22 13:03:26 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.\nThese vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file."`
Auto-Update: 2024-04-04T08:42:25.815847+00:00 2024-04-04 08:46:00 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Existen vulnerabilidades de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, corrupci\u00f3n de memoria, lectura fuera de los l\u00edmites, escritura fuera de los l\u00edmites, desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, confusi\u00f3n de tipos, variable no inicializada y Use-After-Free vulnerabilidades en el procedimiento de lectura de archivos en SOLIDWORKS Desktop en la versi\u00f3n SOLIDWORKS 2024. Estas vulnerabilidades podr\u00edan permitir a un atacante ejecutar c\u00f3digo arbitrario al abrir un archivo CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B o X_T especialmente manipulado."
Auto-Update: 2024-03-22T13:00:38.389982+00:00 2024-03-22 13:03:26 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "3DS.Information-Security@3ds.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "3DS.Information-Security@3ds.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-125"`
			`},`
			`{`
			`"lang": "en",`
			`"value": "CWE-416"`
			`},`
			`{`
			`"lang": "en",`
			`"value": "CWE-787"`
			`},`
			`{`
			`"lang": "en",`
			`"value": "CWE-843"`
			`},`
			`{`
			`"lang": "en",`
			`"value": "CWE-908"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://www.3ds.com/vulnerability/advisories",`
			`"source": "3DS.Information-Security@3ds.com"`
			`}`
			`]`
			`}`