Stack Exhaustion Vulnerability in Parasolid Could Lead to Denial of Service
CVE-2024-26276

3.3LOW

Key Information:

Vendor: Siemens
Status: Jt2go; Parasolid V35.1; Parasolid V36.0; Parasolid V36.1
Vendor: CVE Published:; 9 April 2024

Summary

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

Affected Version(s)

JT2Go 0

Parasolid V35.1 0

Parasolid V36.0 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2220...

https://cert-portal.siemens.com/productcert/html/ssa-7719...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Feb 15, 2024