CRITICAL🇵🇱 Wersja polska

CVE-2023-29073

CVSS 9.8v3.1pub. 2023-11-23upd. 2024-11-21

A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

🤖 AI Analysis
How it works

The vulnerability occurs during parsing of a maliciously crafted MODEL file by Autodesk AutoCAD. Improper handling of input data leads to a heap-based buffer overflow, which corresponds to CWE-122 and CWE-787 weaknesses (writing out of buffer bounds). An attacker can deliver such a file to the victim, for example via email or a shared network resource, and simply opening the file in the vulnerable application triggers the exploit.

Impact

An attacker can cause application crashes (DoS), read sensitive data from process memory, or execute arbitrary code (RCE) in the context of the currently logged-in user.

Mitigation & patch

Apply patches available from the vendor according to the references: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018. It is recommended to immediately update the software to the version indicated by Autodesk. As an additional precautionary measure, exercise special caution when opening MODEL files from untrusted sources.

Who is affected

Autodesk AutoCAD 2023, Autodesk AutoCAD 2024, Autodesk AutoCAD Advance Steel 2023, Autodesk AutoCAD Advance Steel 2024

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Autodesk Autocad

    APP
    Autodesk
    < 2024.12023.0.0 – 2023.1.4 (bez)2024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Advance Steel

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Architecture

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Civil 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Electrical

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Lt

    APP
    Autodesk
    < 2023.1.4< 2024.12024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Map 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Mechanical

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Mep

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Plant 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoSMemory
CWE
References

Related vulnerabilities

CVE-2023-29076CRITICAL9.8PL ✓ten sam produkt

Autodesk AutoCAD — uszkodzenie pamięci przy parsowaniu plików 3D (RCE)

CVE-2023-29074CRITICAL9.8PL ✓ten sam produkt

Autodesk AutoCAD: Out-Of-Bounds Write przy parsowaniu pliku CATPART

CVE-2023-29075CRITICAL9.8PL ✓ten sam produkt

Out-Of-Bounds Write w Autodesk AutoCAD przy parsowaniu pliku PRT

CVE-2026-0874HIGH7.8ten sam produkt

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds ...

CVE-2026-0875HIGH7.8ten sam produkt

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Wr...