PT-2022-12432 · Freecad+1 · Freecad+1

Eldstal

Published

2022-01-25

Updated

2022-10-27

CVE-2021-45844

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FreeCAD version 0.19

Description The issue is related to improper sanitization in the invocation of ODA File Converter from FreeCAD, allowing an attacker to inject OS commands via a crafted filename.

Recommendations For FreeCAD version 0.19, consider disabling the invocation of ODA File Converter until a patch is available to prevent OS command injection via crafted filenames.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-45844

DLA-2934-1

DLA-3076-1

DSA-5229-1

MGASA-2022-0325

Affected Products

Freecad

Oda File Converter

PT-2022-12432 · Freecad+1 · Freecad+1

CVE-2021-45844

Weakness Enumeration

Related Identifiers

Affected Products

References · 22