CVE-2022-35903 : Security Advisory and Response

Discover the impact of CVE-2022-35903 found in Bentley MicroStation and Bentley View before 10.17.0.x. Learn about the out-of-bounds read risk and necessary mitigation steps.

This article provides an overview of CVE-2022-35903, discussing the vulnerability discovered in Bentley MicroStation and Bentley View applications.

Understanding CVE-2022-35903

CVE-2022-35903 is a security issue found in Bentley MicroStation versions prior to 10.17.0.x and Bentley View versions before 10.17.0.x. The flaw lies in the parsing of 3DS files and can lead to an out-of-bounds read.

What is CVE-2022-35903?

An issue was identified in Bentley MicroStation and Bentley View that allows an attacker to trigger an out-of-bounds read by supplying crafted data in a 3DS file. This could be exploited to read information in the context of the current process.

The Impact of CVE-2022-35903

The vulnerability poses a low-severity risk with a CVSS base score of 3.3. The attack complexity is low and exploitation requires user interaction. A successful attack could lead to unauthorized information disclosure within the affected application.

Technical Details of CVE-2022-35903

The following technical aspects are associated with CVE-2022-35903:

Vulnerability Description

The flaw enables an attacker to perform an out-of-bounds read through manipulation of 3DS file data, potentially leaking sensitive information.

Affected Systems and Versions

Bentley MicroStation versions before 10.17.0.x and Bentley View versions prior to 10.17.0.x are impacted by this vulnerability.

Exploitation Mechanism

Exploiting this vulnerability requires a specially crafted 3DS file, which triggers the out-of-bounds read when the affected application parses it.

Mitigation and Prevention

To address CVE-2022-35903, consider the following security measures:

Immediate Steps to Take

Users are advised to update MicroStation and View to versions 10.17.0.x or higher to mitigate the risk of exploitation.

Long-Term Security Practices

Implement strict file validation checks and regularly update software to prevent similar vulnerabilities in the future.
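As an added illustration of a strict file validation check (not Bentley's code and not part of the original advisory), the C sketch below verifies that every chunk length declared in a 3DS file stays inside its parent before any data is read. The advisory does not state which 3DS field is mishandled, so this is a generic structural check built on the 3DS chunk layout (2-byte ID, 4-byte little-endian length that includes the 6-byte header); the function names and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define CHUNK_HDR 6u       /* 2-byte id + 4-byte length, little-endian */
#define ID_MAIN   0x4D4Du  /* top-level chunk of a .3ds file */
#define ID_EDITOR 0x3D3Du  /* editor container: holds sub-chunks only */

/* Constructed samples: main{version, editor}; BAD declares a 64-byte child. */
const uint8_t SAMPLE_OK[]  = {0x4D,0x4D,0x16,0,0,0, 0x02,0,0x0A,0,0,0, 3,0,0,0,
                              0x3D,0x3D,0x06,0,0,0};
const uint8_t SAMPLE_BAD[] = {0x4D,0x4D,0x16,0,0,0, 0x02,0,0x40,0,0,0, 3,0,0,0,
                              0x3D,0x3D,0x06,0,0,0};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the chunks in buf[off, end). Returns 0 if every declared length
 * stays inside its parent, -1 otherwise. Leaf chunk bodies are skipped. */
static int walk_chunks(const uint8_t *buf, size_t off, size_t end, int depth) {
    if (depth > 8) return -1;                    /* bound the recursion */
    while (off < end) {
        if (end - off < CHUNK_HDR) return -1;    /* truncated header */
        uint16_t id  = rd16(buf + off);
        uint32_t len = rd32(buf + off + 2);
        if (len < CHUNK_HDR) return -1;          /* would never advance */
        if (len > end - off) return -1;          /* overruns the parent */
        if ((id == ID_MAIN || id == ID_EDITOR) &&
            walk_chunks(buf, off + CHUNK_HDR, off + len, depth + 1) != 0)
            return -1;
        off += len;
    }
    return 0;
}

/* Returns 0 if the buffer is a structurally consistent 3DS file. */
int validate_3ds(const uint8_t *buf, size_t size) {
    if (buf == NULL || size < CHUNK_HDR) return -1;
    if (rd16(buf) != ID_MAIN) return -1;
    if (rd32(buf + 2) != size) return -1;  /* strict policy: main spans the file */
    return walk_chunks(buf, 0, size, 0);
}

int main(void) {
    /* Exit status 0 when the good sample passes and the bad one is rejected. */
    return (validate_3ds(SAMPLE_OK, sizeof SAMPLE_OK) == 0 &&
            validate_3ds(SAMPLE_BAD, sizeof SAMPLE_BAD) == -1) ? 0 : 1;
}
```

A check like this can run in a gateway or pre-processing step to reject malformed files before they reach a parser; it complements the vendor update and does not replace it.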

Patching and Updates

Stay informed about security patches and promptly apply updates released by Bentley to ensure system security.
