CVE-2020-35628: Out-of-bounds Read
First published: Thu Mar 04 2021(Updated: )
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CGAL Computational Geometry Algorithms Library | =5.1.1 | |
| Red Hat Fedora | =33 | |
| Red Hat Fedora | =34 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html
- https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/
- https://security.gentoo.org/glsa/202305-34
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/
Frequently Asked Questions
What is the severity of CVE-2020-35628?
CVE-2020-35628 has been classified as a code execution vulnerability which can lead to significant security risks.
How do I fix CVE-2020-35628?
To fix CVE-2020-35628, you should upgrade to the latest versions of CGAL and associated affected software packages in your environment.
Which versions of CGAL are affected by CVE-2020-35628?
CVE-2020-35628 specifically affects CGAL version 5.1.1.
Are there any specific operating systems affected by CVE-2020-35628?
Yes, CVE-2020-35628 impacts Fedora 33, Fedora 34, and Debian 9.0 and 10.0.
What type of vulnerability is CVE-2020-35628?
CVE-2020-35628 is classified as an out-of-bounds read vulnerability that can lead to code execution.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cgal
- canonical/cgal computational geometry algorithms library
- version/cgal computational geometry algorithms library/5.1.1
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/33
- version/red hat fedora/34
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0