Parasolid V35.0/V35.1 XT File Null Pointer Dereference Vulnerability Could Lead to Denial of Service
CVE-2024-22043

5.5MEDIUM

Key Information:

Vendor: Siemens
Status: Parasolid V35.0; Parasolid V35.1
Vendor: CVE Published:; 13 February 2024

Summary

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Affected Version(s)

Parasolid V35.0 0

Parasolid V35.1 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7972...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Jan 4, 2024