PT-2021-20020 · Cscape · Cscape
Michael Heinzl
·
Published
2021-08-25
·
Updated
2021-09-01
·
CVE-2021-33015
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cscape versions prior to 9.90 SP5
Description
The issue arises from a lack of proper validation of user-supplied data when parsing project files, potentially leading to an out-of-bounds write via an uninitialized pointer. This could allow an attacker to execute code in the context of the current process.
Recommendations
For versions prior to 9.90 SP5, update to version 9.90 SP5 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of project files from untrusted sources until a patch is applied.
Fix
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cscape