CVE-2023-0973

2023-03-1318:15:12

CWE-476

[email protected]

web.nvd.nist.gov

cve-2023-0973

steptools

ifcmesh library

null pointer dereference

denial of service

application crash

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in an application crash.

Affected configurations

NVD

Node

steptoolsifcmesh_libraryRange<18.102

CPENameOperatorVersion
steptools:ifcmesh_librarysteptools ifcmesh librarylt18.102

CPE	Name	Operator	Version
steptools:ifcmesh_library	steptools ifcmesh library	lt	18.102

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "v18SP1 ifcmesh library",
    "vendor": "Step Tools",
    "versions": [
      {
        "status": "affected",
        "version": "v18.1"
      }
    ]
  }
]