Common Weakness Enumeration

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVE-2024-21803 (GCVE-0-2024-21803)

Vulnerability from cvelistv5 – Published: 2024-01-30 07:15 – Updated: 2025-05-29 15:05
VLAI
Title
Possible UAF in bt_accept_poll in Linux kernel
Summary
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Linux Linux kernel Affected: v2.6.12-rc2 , < v6.8-rc1 (custom)
Create a notification for this product.
Credits
胡宇轩 <yuxuanhu@buaa.edu.cn>
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T19:08:48.634204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-29T15:05:53.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://kernel.org/",
          "defaultStatus": "unaffected",
          "modules": [
            "bluetooth"
          ],
          "packageName": "kernel",
          "platforms": [
            "Linux",
            "x86",
            "ARM"
          ],
          "product": "Linux kernel",
          "programFiles": [
            "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.c"
          ],
          "repo": "https://gitee.com/anolis/cloud-kernel.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "v6.8-rc1",
              "status": "affected",
              "version": "v2.6.12-rc2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "\u80e1\u5b87\u8f69 \u003cyuxuanhu@buaa.edu.cn\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\u003c/p\u003e"
            }
          ],
          "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-30T07:15:33.276Z",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Possible UAF in bt_accept_poll in Linux kernel",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2024-21803",
    "datePublished": "2024-01-30T07:15:33.276Z",
    "dateReserved": "2024-01-15T09:44:45.561Z",
    "dateUpdated": "2025-05-29T15:05:53.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21860 (GCVE-0-2024-21860)

Vulnerability from cvelistv5 – Published: 2024-02-02 06:18 – Updated: 2024-11-08 15:38
VLAI
Title
Dsoftbus has a use after free vulnerability
Summary
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
OpenHarmony OpenHarmony Affected: v3.2.0 , ≤ v3.2.4 (custom)
Affected: v4.0.0 , < v4.0.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21860",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-05T21:03:38.565314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T15:38:33.808Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenHarmony",
          "vendor": "OpenHarmony",
          "versions": [
            {
              "lessThanOrEqual": "v3.2.4",
              "status": "affected",
              "version": "v3.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v4.0.1",
              "status": "affected",
              "version": "v4.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nin OpenHarmony v4.0.0 and prior versions\n\nallow an adjacent attacker arbitrary code execution in any apps through use after free."
            }
          ],
          "value": "\nin OpenHarmony v4.0.0 and prior versions\n\nallow an adjacent attacker arbitrary code execution in any apps through use after free."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-02T06:18:55.540Z",
        "orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
        "shortName": "OpenHarmony"
      },
      "references": [
        {
          "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dsoftbus has a use after free vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
    "assignerShortName": "OpenHarmony",
    "cveId": "CVE-2024-21860",
    "datePublished": "2024-02-02T06:18:55.540Z",
    "dateReserved": "2024-01-06T11:01:00.629Z",
    "dateUpdated": "2024-11-08T15:38:33.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21918 (GCVE-0-2024-21918)

Vulnerability from cvelistv5 – Published: 2024-03-26 15:44 – Updated: 2024-08-06 15:05
VLAI
Title
Rockwell Automation Arena Simulation Vulnerable To Memory Corruption
Summary
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Rockwell Automation Arena Simulation Affected: Version 16.00 - 16.20.02
Create a notification for this product.
rockwellautomation arena_simulation Affected: 16.00.00 , ≤ 16.20.02 (custom)
    cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-03-26 14:00
Credits
Michael Heinzl
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "arena_simulation",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThanOrEqual": "16.20.02",
                "status": "affected",
                "version": "16.00.00",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21918",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T15:03:54.923310Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:05:34.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Arena Simulation",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "Version 16.00 - 16.20.02"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michael Heinzl"
        }
      ],
      "datePublic": "2024-03-26T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation.  Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nA memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation.  Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-26T15:44:33.835Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to v16.20.03"
            }
          ],
          "value": "Update to v16.20.03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rockwell Automation Arena Simulation Vulnerable To Memory Corruption",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-21918",
    "datePublished": "2024-03-26T15:44:33.835Z",
    "dateReserved": "2024-01-03T16:40:50.368Z",
    "dateUpdated": "2024-08-06T15:05:34.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22098 (GCVE-0-2024-22098)

Vulnerability from cvelistv5 – Published: 2024-04-02 06:22 – Updated: 2024-08-01 22:35
VLAI
Title
AVSession has a use after free vulnerability
Summary
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
OpenHarmony OpenHarmony Affected: v3.2.0 , ≤ v3.2.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22098",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T14:37:43.746741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T14:37:50.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenHarmony",
          "vendor": "OpenHarmony",
          "versions": [
            {
              "lessThanOrEqual": "v3.2.4",
              "status": "affected",
              "version": "v3.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free."
            }
          ],
          "value": "in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-02T06:22:41.611Z",
        "orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
        "shortName": "OpenHarmony"
      },
      "references": [
        {
          "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "AVSession has a use after free vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
    "assignerShortName": "OpenHarmony",
    "cveId": "CVE-2024-22098",
    "datePublished": "2024-04-02T06:22:41.611Z",
    "dateReserved": "2024-01-06T11:01:00.591Z",
    "dateUpdated": "2024-08-01T22:35:34.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22180 (GCVE-0-2024-22180)

Vulnerability from cvelistv5 – Published: 2024-04-02 06:22 – Updated: 2024-08-01 22:35
VLAI
Title
Camera has a use after free vulnerability
Summary
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
OpenHarmony OpenHarmony Affected: v3.2.0 , ≤ v4.0.0 (custom)
Create a notification for this product.
openharmony openharmony Affected: 0 , < 4.0.0 (custom)
    cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openharmony",
            "vendor": "openharmony",
            "versions": [
              {
                "lessThan": "4.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22180",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-02T12:31:11.302563Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-07T15:50:30.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenHarmony",
          "vendor": "OpenHarmony",
          "versions": [
            {
              "lessThanOrEqual": "v4.0.0",
              "status": "affected",
              "version": "v3.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free."
            }
          ],
          "value": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-02T06:22:45.558Z",
        "orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
        "shortName": "OpenHarmony"
      },
      "references": [
        {
          "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Camera has a use after free vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
    "assignerShortName": "OpenHarmony",
    "cveId": "CVE-2024-22180",
    "datePublished": "2024-04-02T06:22:45.558Z",
    "dateReserved": "2024-01-06T11:01:00.647Z",
    "dateUpdated": "2024-08-01T22:35:34.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23134 (GCVE-0-2024-23134)

Vulnerability from cvelistv5 – Published: 2024-02-22 04:27 – Updated: 2025-08-28 14:28
VLAI
Title
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
Summary
A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_electrical Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_map_3d Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_advance_steel Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_civil_3d Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_architecture Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_mechanical Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_mep Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_plant_3d Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23134",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:38:32.196Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:28:11.268Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23134",
    "datePublished": "2024-02-22T04:27:15.155Z",
    "dateReserved": "2024-01-11T21:47:40.856Z",
    "dateUpdated": "2025-08-28T14:28:11.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23135 (GCVE-0-2024-23135)

Vulnerability from cvelistv5 – Published: 2024-02-22 04:34 – Updated: 2025-08-26 20:38
VLAI
Title
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
Summary
A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.0.1 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2021 , < 2021.1.4 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_advance_steel Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_civil_3d Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad Affected: 2021 , < 2021.1.4 (custom)
Affected: 2022 , < 2022.1.4 (custom)
Affected: 2023 , < 2023.1.5 (custom)
Affected: 2024 , < 2024.1.3 (custom)
Affected: 2025 , < 2025.0.1 (custom)
    cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "lessThan": "2021.1.4",
                "status": "affected",
                "version": "2021",
                "versionType": "custom"
              },
              {
                "lessThan": "2022.1.4",
                "status": "affected",
                "version": "2022",
                "versionType": "custom"
              },
              {
                "lessThan": "2023.1.5",
                "status": "affected",
                "version": "2023",
                "versionType": "custom"
              },
              {
                "lessThan": "2024.1.3",
                "status": "affected",
                "version": "2024",
                "versionType": "custom"
              },
              {
                "lessThan": "2025.0.1",
                "status": "affected",
                "version": "2025",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T14:40:30.040434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:38:56.298Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:30.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.0.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.5",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.4",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.4",
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:24:45.409Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23135",
    "datePublished": "2024-02-22T04:34:27.533Z",
    "dateReserved": "2024-01-11T21:47:40.857Z",
    "dateUpdated": "2025-08-26T20:38:56.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23142 (GCVE-0-2024-23142)

Vulnerability from cvelistv5 – Published: 2024-06-25 01:24 – Updated: 2025-08-26 20:41
VLAI
Title
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
Summary
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.4 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad Affected: 2024
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk advance_steel Affected: 2024
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk civil_3d Affected: 2024
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_architecture Affected: 2024
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_electrical Affected: 2024
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_map_3d Affected: 2024
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_mechanical Affected: 2024
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_mep Affected: 2024
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_plant_3d Affected: 2024
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_map_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:36:51.042238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:41:57.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.4",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:35:42.201Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23142",
    "datePublished": "2024-06-25T01:24:02.359Z",
    "dateReserved": "2024-01-11T21:51:08.013Z",
    "dateUpdated": "2025-08-26T20:41:57.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23158 (GCVE-0-2024-23158)

Vulnerability from cvelistv5 – Published: 2024-06-25 03:31 – Updated: 2025-08-26 20:47
VLAI
Title
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
Summary
A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1 (custom)
Affected: 2024 , < 2024.1.5 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.5 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
autodesk autocad_advance_steel Affected: 2024
    cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*
Create a notification for this product.
autodesk civil_3d Affected: 2024
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_advance_steel",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T14:31:23.903824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:47:56.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.5",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.5",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:52:41.077Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-23158",
    "datePublished": "2024-06-25T03:31:47.315Z",
    "dateReserved": "2024-01-11T21:51:41.602Z",
    "dateUpdated": "2025-08-26T20:47:56.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23322 (GCVE-0-2024-23322)

Vulnerability from cvelistv5 – Published: 2024-02-09 22:51 – Updated: 2024-08-01 22:59
VLAI
Title
Envoy crashes when idle and request per try timeout occur within the backoff interval
Summary
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.29.0, < 1.29.1
Affected: >= 1.28.0, < 1.28.1
Affected: >= 1.27.0, < 1.27.3
Affected: < 1.26.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-12T19:07:29.878703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:20:52.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38"
          },
          {
            "name": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.28.0, \u003c 1.28.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.27.0, \u003c 1.27.3"
            },
            {
              "status": "affected",
              "version": "\u003c 1.26.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-09T22:51:53.539Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38"
        },
        {
          "name": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e"
        }
      ],
      "source": {
        "advisory": "GHSA-6p83-mfmh-qv38",
        "discovery": "UNKNOWN"
      },
      "title": "Envoy crashes when idle and request per try timeout occur within the backoff interval"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-23322",
    "datePublished": "2024-02-09T22:51:53.539Z",
    "dateReserved": "2024-01-15T15:19:19.438Z",
    "dateUpdated": "2024-08-01T22:59:32.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Strategy: Language Selection

Description:

  • Choose a language that provides automatic memory management.
Mitigation

Phase: Implementation

Strategy: Attack Surface Reduction

Description:

  • When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page