CWE-457
Use of Uninitialized Variable
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
CVE-2023-31326 (GCVE-0-2023-31326)
Vulnerability from cvelistv5
Published
2025-09-06 16:48
Modified
2025-09-08 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-31326", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T20:04:35.581719Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T20:04:43.607Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Cezanne-FP6_1.0.1.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Cezanne-FP6_1.0.1.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PhoenixPI-FP8-FP7_1.1.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Renoir-FP6_ 1.0.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Rembrandt-FP7_1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Cezanne-FP6_1.0.1.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6_1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6_1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Embedded-PI_FP7r2 1009" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q2 (24.10.20)" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI210", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI250", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V710 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] } ], "datePublic": "2025-09-06T16:27:46.642Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality. \u003cbr\u003e" } ], "value": "Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457 Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T16:48:43.991Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-31326", "datePublished": "2025-09-06T16:48:43.991Z", "dateReserved": "2023-04-27T15:25:41.424Z", "dateUpdated": "2025-09-08T20:04:43.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23137 (GCVE-0-2024-23137)
Vulnerability from cvelistv5
Published
2024-02-22 04:49
Modified
2025-08-28 14:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.0.1 Version: 2024 < 2024.1.3 Version: 2023 < 2023.1.5 Version: 2022 < 2022.1.4 Version: 2021 < 2021.1.4 cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad_advance_steel", "vendor": "autodesk", "versions": [ { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad_civil_3d", "vendor": "autodesk", "versions": [ { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad", "vendor": "autodesk", "versions": [ { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-23137", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T14:01:49.435037Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-26T16:24:17.429Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:59:30.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002" }, { "tags": [ "x_transferred" ], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004" }, { "tags": [ "x_transferred" ], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Architecture", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Electrical", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Mechanical", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD MEP", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Plant 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "Civil 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Advance Steel", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD MAP 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.0.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.5", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.4", "status": "affected", "version": "2022", "versionType": "custom" }, { "lessThan": "2021.1.4", "status": "affected", "version": "2021", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-28T14:27:03.473Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002" }, { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004" }, { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009" } ], "source": { "discovery": "EXTERNAL" }, "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-23137", "datePublished": "2024-02-22T04:49:50.154Z", "dateReserved": "2024-01-11T21:47:40.857Z", "dateUpdated": "2025-08-28T14:27:03.473Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23159 (GCVE-0-2024-23159)
Vulnerability from cvelistv5
Published
2024-06-25 03:33
Modified
2025-08-26 20:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
References
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1 Version: 2024 < 2024.1.5 Version: 2023 < 2023.1.6 Version: 2022 < 2022.1.5 cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "advance_steel", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "civil_3d", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad_architecture", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad_electrical", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad_map_3d", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad_mechanical", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad_mep", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autocad_plant_3d", "vendor": "autodesk", "versions": [ { "status": "affected", "version": "2024" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23159", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-27T20:33:57.567211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-26T20:48:14.038Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:59:31.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Architecture", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Electrical", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Mechanical", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD MEP", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Plant 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Civil 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Advance Steel", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD MAP 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.5", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-26T17:53:08.997Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010" } ], "source": { "discovery": "EXTERNAL" }, "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-23159", "datePublished": "2024-06-25T03:33:00.849Z", "dateReserved": "2024-01-11T21:51:41.602Z", "dateUpdated": "2025-08-26T20:48:14.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-37002 (GCVE-0-2024-37002)
Vulnerability from cvelistv5
Published
2024-06-25 03:07
Modified
2025-08-27 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1 Version: 2024 < 2024.1.4 Version: 2023 < 2023.1.6 Version: 2022 < 2022.1.5 cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37002", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T13:12:54.230669Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-27T21:14:27.526Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:43:50.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Architecture", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Electrical", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Mechanical", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD MEP", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Plant 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Civil 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Advance Steel", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD MAP 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.6", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.5", "status": "affected", "version": "2022", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-26T17:57:35.571Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009" } ], "source": { "discovery": "EXTERNAL" }, "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2024-37002", "datePublished": "2024-06-25T03:07:28.673Z", "dateReserved": "2024-05-30T20:11:46.549Z", "dateUpdated": "2025-08-27T21:14:27.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45615 (GCVE-0-2024-45615)
Vulnerability from cvelistv5
Published
2024-09-03 21:19
Modified
2025-07-29 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-45615 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2309285 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
|||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45615", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T13:31:03.434412Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T13:31:12.425Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/OpenSC/OpenSC", "defaultStatus": "unaffected", "packageName": "libopensc", "versions": [ { "lessThan": "0.26.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue." } ], "datePublic": "2024-09-02T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. \nThe problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.)." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T14:14:50.305Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-45615" }, { "name": "RHBZ#2309285", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309285" } ], "timeline": [ { "lang": "en", "time": "2024-09-02T18:12:21.612000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-09-02T00:00:00+00:00", "value": "Made public." } ], "title": "Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init", "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-45615", "datePublished": "2024-09-03T21:19:51.000Z", "dateReserved": "2024-09-02T18:28:35.895Z", "dateUpdated": "2025-07-29T14:14:50.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45616 (GCVE-0-2024-45616)
Vulnerability from cvelistv5
Published
2024-09-03 21:20
Modified
2025-07-29 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-45616 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2309290 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
|||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45616", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T13:30:13.114133Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T13:30:22.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/OpenSC/OpenSC", "defaultStatus": "unaffected", "packageName": "libopensc", "versions": [ { "lessThan": "0.26.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue." } ], "datePublic": "2024-09-02T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. \n\nThe following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T14:16:44.994Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-45616" }, { "name": "RHBZ#2309290", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309290" } ], "timeline": [ { "lang": "en", "time": "2024-09-02T18:12:44.347000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-09-02T00:00:00+00:00", "value": "Made public." } ], "title": "Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc", "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-45616", "datePublished": "2024-09-03T21:20:22.459Z", "dateReserved": "2024-09-02T18:28:35.895Z", "dateUpdated": "2025-07-29T14:16:44.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45617 (GCVE-0-2024-45617)
Vulnerability from cvelistv5
Published
2024-09-03 21:20
Modified
2025-07-29 14:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-45617 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2309286 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
|||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45617", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T13:29:27.537151Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T13:29:36.631Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/OpenSC/OpenSC", "defaultStatus": "unaffected", "packageName": "libopensc", "versions": [ { "lessThan": "0.26.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue." } ], "datePublic": "2024-09-02T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. \n\nInsufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T14:17:09.338Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-45617" }, { "name": "RHBZ#2309286", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309286" } ], "timeline": [ { "lang": "en", "time": "2024-09-02T18:12:44.486000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-09-02T00:00:00+00:00", "value": "Made public." } ], "title": "Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc", "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-45617", "datePublished": "2024-09-03T21:20:53.782Z", "dateReserved": "2024-09-02T18:28:35.895Z", "dateUpdated": "2025-07-29T14:17:09.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45618 (GCVE-0-2024-45618)
Vulnerability from cvelistv5
Published
2024-09-03 21:21
Modified
2025-07-29 14:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-45618 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2309287 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45618", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T13:28:34.094182Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T13:28:44.379Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/OpenSC/OpenSC", "defaultStatus": "affected", "packageName": "libopensc" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "opensc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue." } ], "datePublic": "2024-09-02T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. \n\nInsufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T14:17:32.036Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-45618" }, { "name": "RHBZ#2309287", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309287" } ], "timeline": [ { "lang": "en", "time": "2024-09-02T18:12:45.252000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-09-02T00:00:00+00:00", "value": "Made public." } ], "title": "Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init", "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-45618", "datePublished": "2024-09-03T21:21:25.869Z", "dateReserved": "2024-09-02T18:28:35.896Z", "dateUpdated": "2025-07-29T14:17:32.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-9355 (GCVE-0-2024-9355)
Vulnerability from cvelistv5
Published
2024-10-01 18:17
Modified
2025-09-12 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:10133 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:7502 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:7550 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:8327 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:8678 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:8847 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:9551 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2025:2416 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2025:7118 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2025:7256 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2025:7624 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-9355 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2315719 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-9355", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T18:35:51.670441Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T18:37:53.436Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/golang-fips/openssl", "defaultStatus": "affected", "packageName": "github.com/golang-fips/openssl" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_els:7" ], "defaultStatus": "affected", "packageName": "rhc-worker-script", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.10-2.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "go-toolset:rhel8", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020241001112709.a3795dee", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-20.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-9.el8_10", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.21.13-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-19.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:132-1.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.1-1.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.4::appstream" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-4.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_satellite_client:6::el8", "cpe:/a:redhat:rhel_satellite_client:6::el9" ], "defaultStatus": "affected", "packageName": "foreman_ygg_worker", "product": "Satellite Client 6 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.3.1-1.el8sat", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_satellite_client:6::el8", "cpe:/a:redhat:rhel_satellite_client:6::el9" ], "defaultStatus": "affected", "packageName": "foreman_ygg_worker", "product": "Satellite Client 6 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.3.1-1.el9sat", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:2" ], "defaultStatus": "unaffected", "packageName": "golang-github-danielqsj-kafka_exporter", "product": "Streams for Apache Kafka 2.9.0", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:network_bound_disk_encryption_tang:1" ], "defaultStatus": "affected", "packageName": "tang-operator-bundle-container", "product": "NBDE Tang Server", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "helm", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "packageName": "odo", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "packageName": "openshift-pipelines-client", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-clients", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "affected", "packageName": "helm", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat Ansible Automation Platform 1.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "affected", "packageName": "automation-gateway-proxy", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "affected", "packageName": "receptor", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "butane", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "containers-common", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "delve", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "golang-github-openprinting-ipp-usb", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "grafana", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "gvisor-tap-vsock", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "ignition", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "podman", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "rsyslog", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "toolbox", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "yggdrasil", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "yggdrasil-worker-package-manager", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "packageName": "host-metering", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/buildah", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/conmon", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/containernetworking-plugins", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/runc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/skopeo", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/toolbox", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "git-lfs", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "osbuild-composer", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "rhc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "rsyslog", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "weldr-client", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "grafana-pcp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "gvisor-tap-vsock", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "opentelemetry-collector", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "rsyslog", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "toolbox", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "weldr-client", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "buildah", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "butane", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "conmon", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "conmon-rs", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "containernetworking-plugins", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "cri-tools", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "golang-github-prometheus-promu", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ignition", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "lifecycle-agent-operator-bundle-container", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/bare-metal-event-relay-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/numaresources-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-aws-efs-csi-driver-container-rhel9", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-gcp-filestore-csi-driver-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-secrets-store-csi-driver-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-sriov-network-metrics-exporter-rhel9", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-sriov-rdma-cni-rhel9", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-vertical-pod-autoscaler-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/sriov-network-metrics-exporter-rhel9", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/topology-aware-lifecycle-manager-operator-bundle", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift-clients", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ose-aws-ecr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ose-azure-acr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "ose-gcp-gcr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "runc", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "skopeo", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_container_storage:4" ], "defaultStatus": "affected", "packageName": "mcg", "product": "Red Hat Openshift Container Storage 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4" ], "defaultStatus": "affected", "packageName": "mcg", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_devspaces:3:" ], "defaultStatus": "unaffected", "packageName": "devspaces/machineexec-rhel8", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "packageName": "openshift-gitops-1/gitops-operator-bundle", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_service_on_aws:1" ], "defaultStatus": "affected", "packageName": "rosa", "product": "Red Hat OpenShift on AWS", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "kubevirt", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "golang-github-infrawatch-apputils", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "etcd", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "golang-github-infrawatch-apputils", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "golang-qpid-apache", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "packageName": "qpid-proton", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "unaffected", "packageName": "qpid-proton", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "unaffected", "packageName": "satellite-capsule:el8/qpid-proton", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "affected", "packageName": "satellite:el8/qpid-proton", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "affected", "packageName": "satellite:el8/yggdrasil-worker-forwarder", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "affected", "packageName": "yggdrasil", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "affected", "packageName": "yggdrasil-worker-forwarder", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "qpid-proton", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "skupper-cli", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "packageName": "skupper-router", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:storage:3" ], "defaultStatus": "affected", "packageName": "heketi", "product": "Red Hat Storage 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:trusted_artifact_signer:1" ], "defaultStatus": "affected", "packageName": "rhtas/fulcio-rhel9", "product": "Red Hat Trusted Artifact Signer", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by David Benoit (Red Hat)." } ], "datePublic": "2024-09-30T20:53:42.833Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.\u00a0 It is also possible to force a derived key to be all zeros instead of an unpredictable value.\u00a0 This may have follow-on implications for the Go TLS stack." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-12T20:07:36.241Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:10133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:10133" }, { "name": "RHSA-2024:7502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7502" }, { "name": "RHSA-2024:7550", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7550" }, { "name": "RHSA-2024:8327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8327" }, { "name": "RHSA-2024:8678", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8678" }, { "name": "RHSA-2024:8847", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:8847" }, { "name": "RHSA-2024:9551", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:9551" }, { "name": "RHSA-2025:2416", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:2416" }, { "name": "RHSA-2025:7118", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:7118" }, { "name": "RHSA-2025:7256", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:7256" }, { "name": "RHSA-2025:7624", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:7624" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-9355" }, { "name": "RHBZ#2315719", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315719" } ], "timeline": [ { "lang": "en", "time": "2024-09-30T17:51:17.811000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-09-30T20:53:42.833000+00:00", "value": "Made public." } ], "title": "Golang-fips: golang fips zeroed buffer", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-9355", "datePublished": "2024-10-01T18:17:29.420Z", "dateReserved": "2024-09-30T17:07:30.833Z", "dateUpdated": "2025-09-12T20:07:36.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-1427 (GCVE-0-2025-1427)
Vulnerability from cvelistv5
Published
2025-03-13 16:46
Modified
2025-08-19 12:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
▼ | URL | Tags |
---|---|---|
https://www.autodesk.com/products/autodesk-access/overview | patch | |
https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html | patch | |
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1.2 Version: 2024 < 2024.1.7 Version: 2023 < 2023.1.7 Version: 2022 < 2022.1.6 cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-1427", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-24T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-25T03:55:23.262Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Architecture", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Electrical", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Mechanical", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD MEP", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD Plant 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Civil 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Advance Steel", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "AutoCAD MAP 3D", "vendor": "Autodesk", "versions": [ { "lessThan": "2025.1.2", "status": "affected", "version": "2025", "versionType": "custom" }, { "lessThan": "2024.1.7", "status": "affected", "version": "2024", "versionType": "custom" }, { "lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom" }, { "lessThan": "2022.1.6", "status": "affected", "version": "2022", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e" } ], "value": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-19T12:49:03.122Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk" }, "references": [ { "tags": [ "patch" ], "url": "https://www.autodesk.com/products/autodesk-access/overview" }, { "tags": [ "patch" ], "url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html" }, { "tags": [ "vendor-advisory" ], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001" } ], "source": { "discovery": "EXTERNAL" }, "title": "CATPRODUCT File Parsing Uninitialized Variable Vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2025-1427", "datePublished": "2025-03-13T16:46:05.612Z", "dateReserved": "2025-02-18T14:22:11.431Z", "dateUpdated": "2025-08-19T12:49:03.122Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation ID: MIT-57
Phase: Implementation
Strategy: Attack Surface Reduction
Description:
- Ensure that critical variables are initialized before first use [REF-1485].
Mitigation
Phase: Build and Compilation
Strategy: Compilation or Build Hardening
Description:
- Most compilers will complain about the use of uninitialized variables if warnings are turned on.
Mitigation
Phases: Implementation, Operation
Description:
- When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable's name.
Mitigation
Phase: Requirements
Strategy: Language Selection
Description:
- Choose a language that is not susceptible to these issues.
Mitigation
Phase: Architecture and Design
Description:
- Mitigating technologies such as safe string libraries and container abstractions could be introduced.
No CAPEC attack patterns related to this CWE.