An out of bounds read has been identified in Parasolid V33.1 (All versions V33.1.262), Parasolid V34.0 (All versions V34.0.252), Parasolid V34.1 (All versions V34.1.242), Parasolid V35.0 (All versions V35.0.161), Simcenter Femap V2022.1 (All versions V2022.1.3), Simcenter Femap V2022.2 (All versions V2022.2.2). The affected application fails to properly sanitize user input before using it to access system resources. An attacker could leverage this vulnerability to execute arbitrary code on the affected system. (ZDI-CAN-17305) An out of bounds read has been identified in Parasolid V33.1 (All versions V33.1.262), Parasolid V34.0 (All versions V34.0.252), Parasolid V34.1 (All versions V34.1.242), Parasolid V35.0 (All versions V35.0.161), Simcenter Femap V2022.1 (All versions V2022.1.3), Simcenter Femap V2022.2 (All versions V2022.2.2). The affected application fails to properly sanitize user input before using it to access system resources.
Affected Software:
Parasolid V33.1 (All versions V33.1.262), Parasolid V34.0 (All versions V34.0.252), Parasolid V34.1 (All versions V34.1.242), Parasolid V35.0 (All versions V35.0.161), Simcenter Femap V2022.1 (All versions V2022.1.3), Simcenter Femap V2022.2 (All versions V2022.2.2).
Vulnerability Details: ZDI-CAN-17305
A vulnerability has been identified in the Parasolid V33.1 (All versions V33.1.262), Parasolid V34.0 (All versions V34.0.252), Parasolid V34.1 (All versions V34.1.242), Parasolid V35.0 (All versions V35.0.161), Simcenter Femap V2022.1 (All versions V2022.1.3), Simcenter Femap V2022 2 .2 . The application fails to properly sanitize user input before using it to access system resources, leading to an out of bounds read and potential privilege escalation, resulting in a denial of service condition or potential for remote code execution on the affected system
An attacker can leverage this vulnerability to execute arbitrary code on the affected system
References: ZDI-CAN-17305
CVE-2022-39138
Timeline
Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/13/2022 15:15:00 UTC