PT-2021-23799 · Open Design Alliance · Open Design Alliance Prc Sdk

Khangkito

Published

2021-11-10

Updated

2021-11-30

CVE-2021-43279

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Design Alliance PRC SDK versions prior to 2022.10

Description An out-of-bounds write issue exists in the U3D file reading procedure. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of the current process.

Recommendations For versions prior to 2022.10, update to a version 2022.10 or later to resolve the issue. As a temporary workaround, consider restricting the use of U3D files until a patch is available. Avoid using crafted U3D files that can trigger the out-of-bounds write.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-43279

ZDI-21-1292

ZDI-21-1294

ZDI-21-1296

ZDI-21-1337

Affected Products

Open Design Alliance Prc Sdk

PT-2021-23799 · Open Design Alliance · Open Design Alliance Prc Sdk

CVE-2021-43279

Weakness Enumeration

Related Identifiers

Affected Products

References · 10