nvd-json-data-feeds/CVE-2022/CVE-2022-29xx/CVE-2022-2949.json

{
  "id": "CVE-2022-2949",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2022-12-13T21:15:11.427",
  "lastModified": "2024-11-21T07:01:58.460",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\nAltair HyperView Player\u00a0versions 2021.1.0.27 and prior\u00a0are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.\n\n\n\n\n\n"
    },
    {
      "lang": "es",
      "value": "Las versiones 2021.1.0.27 y anteriores de Altair HyperView Player son afectados por el uso de vulnerabilidad de memoria no inicializada durante el an\u00e1lisis de archivos H3D. Un DWORD se extrae de un b\u00fafer no inicializado y, despu\u00e9s de la extensi\u00f3n del signo, se utiliza como \u00edndice en una variable de pila para incrementar un contador que provoca da\u00f1os en la memoria."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:altair:hyperview_player:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2021.1.0.27",
              "matchCriteriaId": "8AB19D33-042C-437F-9872-73769D79311C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ]
    },
    {
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}