PT-2021-16446 · Open Design Alliance · Open Design Alliance Drawings Sdk

Rgod

Published

2021-01-18

Updated

2022-04-08

CVE-2021-25174

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2021.12

Description: A memory corruption issue exists when reading malformed DGN files, potentially allowing attackers to cause a crash and enabling denial of service. This can result in a crash, exit, or restart.

Recommendations: For versions prior to 2021.12, update to version 2021.12 or later to resolve the issue. As a temporary workaround, consider restricting the processing of DGN files from untrusted sources to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-25174

ZDI-21-226

Affected Products

Open Design Alliance Drawings Sdk

PT-2021-16446 · Open Design Alliance · Open Design Alliance Drawings Sdk

CVE-2021-25174

Weakness Enumeration

Related Identifiers

Affected Products

References · 9