CVE-2023-22295

Summary

Datakit CrossCadWare_x64.dll contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.

Affected Software

VendorProductVersion RangeStatus
DatakitCrossCAD/Ware_x64 library0 < 2023.1affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

Workarounds

Datakit has identified specific workarounds and mitigations that should be applied to reduce the risk:

  • Do not open untrusted SLDPRT files with CrossCAD/Ware

  • Update CrossCAD/Ware to 2023.1 or a later version.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References