CVE-2020-35636 - OpenCVE

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cgal	Computational Geometry Algorithms Library
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html
https://security.gentoo.org/glsa/202305-34
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2021-03-04T00:00:00

Updated: 2024-08-04T17:09:14.629Z

Reserved: 2020-12-22T00:00:00

Link: CVE-2020-35636

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-04T20:15:13.300

Modified: 2023-05-30T06:15:17.317

Link: CVE-2020-35636

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-35636", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "dateUpdated": "2024-08-04T17:09:14.629Z", "dateReserved": "2020-12-22T00:00:00", "datePublished": "2021-03-04T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-05-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability."}], "affected": [{"vendor": "n/a", "product": "CGAL Project", "versions": [{"version": "CGAL Project libcgal CGAL-5.1.1", "status": "affected"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225"}, {"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html"}, {"name": "GLSA-202305-34", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-34"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-129: Improper Validation of Array Index", "cweId": "CWE-129"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:09:14.629Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html"}, {"name": "GLSA-202305-34", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-34"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C311021-93EC-4DA0-A65A-814821D1BD37", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en la funcionalidad polygon-parsing de Nef de CGAL libcgal versi\u00f3n CGAL-5.1.1 en Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. Un archivo con formato incorrecto especialmente dise\u00f1ado puede provocar una lectura fuera de l\u00edmites y confusi\u00f3n de tipos, lo que podr\u00eda conducir a la ejecuci\u00f3n del c\u00f3digo. Un atacante puede proporcionar informaci\u00f3n malintencionada para desencadenar esta vulnerabilidad."}], "id": "CVE-2020-35636", "lastModified": "2023-05-30T06:15:17.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-04T20:15:13.300", "references": [{"source": "talos-cna@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html"}, {"source": "talos-cna@cisco.com", "url": "https://security.gentoo.org/glsa/202305-34"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "talos-cna@cisco.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Secondary"}]}