CRITICAL🇵🇱 Wersja polska

CVE-2023-29074

CVSS 9.8v3.1pub. 2023-11-23upd. 2024-11-21

A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

🤖 AI Analysis
How it works

During CATPART file parsing, the AutoCAD application does not properly verify memory write boundaries, resulting in an Out-Of-Bounds Write error (CWE-787). An attacker can deliver a specially crafted CATPART file to a victim, which when opened in a vulnerable software version triggers a write error outside the allocated memory area. Improper memory access can be exploited to take control of process execution flow or to read sensitive data from memory.

Impact

An attacker can cause the application to crash (DoS), read sensitive data from process memory, or execute arbitrary code (RCE) in the context of the currently logged-in user's process.

Mitigation & patch

Patches available from the vendor should be applied according to the references — detailed information about fixed versions is available in Autodesk's security bulletin: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018

Who is affected

Autodesk AutoCAD 2023 and 2024, and Autodesk AutoCAD Advance Steel (versions specified in vendor references).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Autodesk Autocad

    APP
    Autodesk
    < 2024.12023.0.0 – 2023.1.4 (bez)2024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Advance Steel

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Architecture

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Civil 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Electrical

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Lt

    APP
    Autodesk
    < 2023.1.4< 2024.12024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Map 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Mechanical

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Mep

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
  • Autodesk Autocad Plant 3d

    APP
    Autodesk
    < 2023.1.42024.0.0 – 2024.1.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoSMemory
CWE
References

Related vulnerabilities

CVE-2023-29076CRITICAL9.8PL ✓ten sam produkt

Autodesk AutoCAD — uszkodzenie pamięci przy parsowaniu plików 3D (RCE)

CVE-2023-29073CRITICAL9.8PL ✓ten sam produkt

Heap-Based Buffer Overflow w Autodesk AutoCAD przy parsowaniu pliku MODEL

CVE-2023-29075CRITICAL9.8PL ✓ten sam produkt

Out-Of-Bounds Write w Autodesk AutoCAD przy parsowaniu pliku PRT

CVE-2026-0874HIGH7.8ten sam produkt

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds ...

CVE-2026-0875HIGH7.8ten sam produkt

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Wr...