CVE-2023-24560

Name of the Vulnerable Software and Affected Versions Solid Edge SE2022 versions prior to V222.0MP12 Solid Edge SE2023 versions prior to V223.0Update2

Description A vulnerability has been identified in the affected application, which contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. The issue is related to writing data beyond the buffer in memory, and exploitation may allow an attacker to execute arbitrary code using specially crafted PAR files.

Recommendations For Solid Edge SE2022 versions prior to V222.0MP12, update to version V222.0MP12 or later. For Solid Edge SE2023 versions prior to V223.0Update2, update to version V223.0Update2 or later. As a temporary workaround, consider restricting the use of PAR files in the affected application until a patch is available.