CVE-2022-33886 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2022-33886

Modified

More Info Official Page

Source-psirt@autodesk.com

Published At-03 Oct, 2022 | 15:15

Updated At-17 Apr, 2023 | 21:15

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

>>autocad>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*

>>autocad>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*

>>autocad_advance_steel>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*

>>autocad_advance_steel>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*

>>autocad_architecture>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*

>>autocad_architecture>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*

>>autocad_civil_3d>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*

>>autocad_civil_3d>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*

>>autocad_electrical>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*

>>autocad_electrical>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*

>>autocad_lt>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*

>>autocad_lt>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*

>>autocad_map_3d>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*

>>autocad_map_3d>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*

>>autocad_mechanical>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*

>>autocad_mechanical>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*

>>autocad_mep>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*

>>autocad_mep>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*

>>autocad_plant_3d>>Versions from 2022(inclusive) to 2022.1.3(exclusive)

cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*

>>autocad_plant_3d>>Versions from 2023(inclusive) to 2023.1.1(exclusive)

cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-755	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020	psirt@autodesk.com	Vendor Advisory