CVE-2020-13520

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.apple.com/kb/HT212011	Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1120	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

22 Sep 2021, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-119~~	CWE-787
CPE	cpe:2.3:o:apple:mac_os::::::::	cpe:2.3:o:apple:macos::::::::

25 Feb 2021, 20:48

Type	Values Removed	Values Added
References	~~(CONFIRM) https://support.apple.com/kb/HT212011 -~~	(CONFIRM) https://support.apple.com/kb/HT212011 - Third Party Advisory
CPE		cpe:2.3:o:apple:mac_os::::::::

02 Feb 2021, 03:15

Type	Values Removed	Values Added
References		(CONFIRM) https://support.apple.com/kb/HT212011 -

Information

Published : 2020-12-11 04:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-13520

Mitre link : CVE-2020-13520

CVE.ORG link : CVE-2020-13520

JSON object : View

Products Affected

apple

macos

pixar

openusd

CWE

CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2020-13520", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-12-11T04:15:11.143", "references": [{"url": "https://support.apple.com/kb/HT212011", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1120", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de corrupci\u00f3n de memoria fuera de l\u00edmites en la forma en que Pixar OpenUSD versi\u00f3n 20.05, reconstruye rutas a partir de archivos USD binarios. Un archivo malformado especialmente dise\u00f1ado puede desencadenar una modificaci\u00f3n de la memoria fuera de l\u00edmites que puede resultar en una ejecuci\u00f3n de c\u00f3digo remota. Para desencadenar esta vulnerabilidad, la v\u00edctima debe acceder a un archivo malformado proporcionado por el atacante"}], "lastModified": "2022-06-07T18:36:52.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2989B344-FD33-4F80-9204-4A85CC59CF90"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34BD2DC9-459A-46A3-82C8-ECA892F3B3D5", "versionEndExcluding": "11.1"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}