CVE-2020-13494

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

05 Oct 2022, 15:26

Type	Values Removed	Values Added
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103 - Exploit, Technical Description, Third Party Advisory~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103 - Exploit, Third Party Advisory
CWE	~~CWE-120~~

08 Sep 2021, 17:22

Type	Values Removed	Values Added
CPE	cpe:2.3:o:apple:mac_os:-:::::::*	cpe:2.3:o:apple:macos:-:::::::*
CWE		CWE-787

Information

Published : 2020-12-02 18:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-13494

Mitre link : CVE-2020-13494

CVE.ORG link : CVE-2020-13494

JSON object : View

Products Affected

pixar

openusd

apple

macos

CWE

CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2020-13494", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-12-02T18:15:12.307", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento de la pila en el an\u00e1lisis de Pixar OpenUSD versi\u00f3n 20.05 de tokens de cadenas comprimidas en archivos USD binarios. Un archivo malformado especialmente dise\u00f1ado puede desencadenar un desbordamiento de la pila que puede resultar en un acceso a la memoria fuera de l\u00edmites que podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n. Esta vulnerabilidad podr\u00eda ser usada para omitir las mitigaciones y ayudar a una mayor explotaci\u00f3n. Para desencadenar esta vulnerabilidad, la v\u00edctima necesita acceder a un archivo malformado proporcionado por un atacante"}], "lastModified": "2022-10-05T15:26:53.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2989B344-FD33-4F80-9204-4A85CC59CF90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}