Vulnerability Description
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opendesign | Drawings Sdk | < 2022.11 |
Related Weaknesses (CWE)
References
- https://www.opendesign.com/security-advisoriesVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-1281/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1291/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1351/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1357/Third Party AdvisoryVDB Entry
- https://www.opendesign.com/security-advisoriesVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-1281/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1291/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1351/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1357/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-43273?
CVE-2021-43273 is a vulnerability with a CVSS score of 3.3 (LOW). An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can ...
How severe is CVE-2021-43273?
CVE-2021-43273 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43273?
Check the references section above for vendor advisories and patch information. Affected products include: Opendesign Drawings Sdk.