CVE-2023-23579

Summary

Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
DatakitCrossCAD/Ware_x64 library 00 < 2023.1affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

Workarounds

Datakit has identified specific workarounds and mitigations that should be applied to reduce the risk:

  • Do not open untrusted SLDPRT files with CrossCAD/Ware
  • Update CrossCAD/Ware to 2023.1 or a later version.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References