CVE-2021-43279

Published: Nov 14, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Affected (1)

Products: Opendesign: Oda Prc Software Development Kit

1 product

Oda Prc Software Development Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opendesign Oda Prc Software Development Kit	Before 2022.10

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://www.opendesign.com/security-advisories

Source: cve@mitre.org

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1337/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.opendesign.com/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1337/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.