1. CVE-Search
  2. CVE-2020-28599
ID CVE-2020-28599
Summary A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:openscad:openscad:-:*:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2011.12:*:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2011.12:*:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2013.01:*:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2013.01:*:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2013.06:*:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2013.06:*:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2014.03:*:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2014.03:*:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2015.03:*:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2015.03:*:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2019.05:*:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2019.05:*:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2020.12:rc2:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2020.12:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2020.12:rc3:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2020.12:rc3:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2020.12:rc4:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2020.12:rc4:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2021.01:rc5:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2021.01:rc5:*:*:*:*:*:*
  • cpe:2.3:a:openscad:openscad:2021.01:rc6:*:*:*:*:*:*
    cpe:2.3:a:openscad:openscad:2021.01:rc6:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 06-10-2022 - 18:48)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
Last major update 06-10-2022 - 18:48
Published 24-02-2021 - 16:15
Last modified 06-10-2022 - 18:48
Back to Top