CVE-2021-44962 - OpenCVE

An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Slic3r	Libslic3r

Configuration 1 [-]

cpe:2.3:a:slic3r:libslic3r:1.3.0:*:*:*:*:*:*:*

References

Link	Resource
https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw	Exploit Third Party Advisory
https://slic3r.org	Product Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-01T01:54:52

Updated: 2022-03-09T06:17:51

Reserved: 2021-12-13T00:00:00

Link: CVE-2021-44962

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-01T02:15:07.507

Modified: 2022-03-24T15:34:54.217

Link: CVE-2021-44962

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:slic3r:libslic3r:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "188C5C50-5D37-4F11-A4C1-541552348BF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en la funcionalidad GCode::extrude() de Slic3r libslic3r versiones 1.3.0 y Master Commit b1a5500. Un archivo stl especialmente dise\u00f1ado podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "id": "CVE-2021-44962", "lastModified": "2022-03-24T15:34:54.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-01T02:15:07.507", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://slic3r.org"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}