Vulnerabilites related to cgal - computational_geometry_algorithms_library
cve-2020-28606
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-17 04:19
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.478Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28606", datePublished: "2022-04-18T16:55:52.671943Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T04:19:10.001Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28636
Vulnerability from cvelistv5
Published
2021-03-04 00:00
Modified
2024-08-04 16:40
Severity ?
EPSS score ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.953Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "FEDORA-2021-0d42c7cb33", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { name: "FEDORA-2021-9de542ab4c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { name: "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CGAL", vendor: "n/a", versions: [ { status: "affected", version: "CGAL Project libcgal CGAL-5.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "FEDORA-2021-0d42c7cb33", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { name: "FEDORA-2021-9de542ab4c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { name: "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28636", datePublished: "2021-03-04T00:00:00", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-08-04T16:40:59.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28633
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 02:07
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.769Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28633", datePublished: "2022-04-18T16:56:35.232416Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T02:07:06.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28635
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 04:29
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.811Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28635", datePublished: "2022-04-18T16:56:38.101493Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T04:29:39.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28609
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-16 17:59
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-06T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28609", datePublished: "2022-04-18T16:55:57.251463Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T17:59:50.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28628
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 22:40
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28628", datePublished: "2022-04-18T16:56:27.121207Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T22:40:07.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28605
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28605", datePublished: "2022-04-18T16:55:51.216142Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T18:54:27.721Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28604
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.797Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28604", datePublished: "2022-04-18T16:55:49.741829Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T16:43:59.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28608
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.571Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28608", datePublished: "2022-04-18T16:55:55.683260Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T03:07:07.718Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28626
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28626", datePublished: "2022-04-18T16:56:24.183600Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T18:54:08.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35630
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 19:46
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35630", datePublished: "2022-04-18T16:56:41.182406Z", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-09-16T19:46:11.799Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28621
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.733Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28621", datePublished: "2022-04-18T16:56:16.919429Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T03:22:53.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35636
Vulnerability from cvelistv5
Published
2021-03-04 00:00
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | CGAL Project |
Version: CGAL Project libcgal CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.629Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CGAL Project", vendor: "n/a", versions: [ { status: "affected", version: "CGAL Project libcgal CGAL-5.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35636", datePublished: "2021-03-04T00:00:00", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-08-04T17:09:14.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28607
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28607", datePublished: "2022-04-18T16:55:54.249123Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T02:01:18.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28624
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.782Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28624", datePublished: "2022-04-18T16:56:21.220869Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T18:03:54.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28612
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 23:42
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.758Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28612", datePublished: "2022-04-18T16:56:01.859540Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T23:42:14.925Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35634
Vulnerability from cvelistv5
Published
2021-08-30 00:00
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | CGAL Project |
Version: CGAL Project libcgal CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:15.104Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CGAL Project", vendor: "n/a", versions: [ { status: "affected", version: "CGAL Project libcgal CGAL-5.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35634", datePublished: "2021-08-30T00:00:00", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-08-04T17:09:15.104Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28632
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28632", datePublished: "2022-04-18T16:56:33.465363Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T18:39:57.450Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28629
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.800Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28629", datePublished: "2022-04-18T16:56:28.582802Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T22:56:07.740Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28611
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 22:26
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28611", datePublished: "2022-04-18T16:56:00.122022Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T22:26:19.700Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28631
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.929Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28631", datePublished: "2022-04-18T16:56:31.540379Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T19:56:52.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35628
Vulnerability from cvelistv5
Published
2021-03-04 00:00
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.422Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "FEDORA-2021-0d42c7cb33", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { name: "FEDORA-2021-9de542ab4c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { name: "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CGAL", vendor: "n/a", versions: [ { status: "affected", version: "CGAL Project libcgal CGAL-5.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "FEDORA-2021-0d42c7cb33", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { name: "FEDORA-2021-9de542ab4c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { name: "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35628", datePublished: "2021-03-04T00:00:00", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-08-04T17:09:14.422Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35631
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35631", datePublished: "2022-04-18T16:56:42.551437Z", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-09-16T20:22:00.736Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28603
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.755Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28603", datePublished: "2022-04-18T16:55:48.165478Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T20:57:49.856Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28613
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.772Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28613", datePublished: "2022-04-18T16:56:04.515417Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T18:24:55.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28634
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 19:04
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.810Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28634", datePublished: "2022-04-18T16:56:36.729897Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T19:04:33.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35633
Vulnerability from cvelistv5
Published
2021-08-30 00:00
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | CGAL Project |
Version: CGAL Project libcgal CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CGAL Project", vendor: "n/a", versions: [ { status: "affected", version: "CGAL Project libcgal CGAL-5.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35633", datePublished: "2021-08-30T00:00:00", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-08-04T17:09:14.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35629
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 02:27
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.534Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35629", datePublished: "2022-04-18T16:56:39.561446Z", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-09-17T02:27:17.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28630
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 01:07
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.768Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28630", datePublished: "2022-04-18T16:56:30.114499Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T01:07:08.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28623
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 04:25
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28623", datePublished: "2022-04-18T16:56:19.872993Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T04:25:09.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28622
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28622", datePublished: "2022-04-18T16:56:18.445507Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T23:16:13.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28602
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-16 20:03
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28602", datePublished: "2022-04-18T16:55:46.638169Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T20:03:42.104Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28620
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex():.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.795Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex():.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28620", datePublished: "2022-04-18T16:56:15.504137Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T23:35:42.765Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35632
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.626Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35632", datePublished: "2022-04-18T16:56:44.039025Z", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-09-16T19:30:01.189Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28625
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.800Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28625", datePublished: "2022-04-18T16:56:22.629973Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T01:06:04.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28610
Vulnerability from cvelistv5
Published
2022-04-18 16:55
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28610", datePublished: "2022-04-18T16:55:58.654244Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T17:43:01.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28616
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.802Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28616", datePublished: "2022-04-18T16:56:09.105780Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T18:39:50.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28614
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.806Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28614", datePublished: "2022-04-18T16:56:06.022740Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T19:56:12.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28618
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:41:00.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28618", datePublished: "2022-04-18T16:56:12.431513Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T19:40:48.735Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28615
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 01:05
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28615", datePublished: "2022-04-18T16:56:07.382842Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T01:05:58.931Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28601
Vulnerability from cvelistv5
Published
2021-03-04 00:00
Modified
2024-08-04 16:40
Severity ?
EPSS score ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "FEDORA-2021-0d42c7cb33", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { name: "FEDORA-2021-9de542ab4c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { name: "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CGAL", vendor: "n/a", versions: [ { status: "affected", version: "CGAL Project libcgal CGAL-5.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "FEDORA-2021-0d42c7cb33", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { name: "FEDORA-2021-9de542ab4c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { name: "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28601", datePublished: "2021-03-04T00:00:00", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-08-04T16:40:59.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28627
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:41:00.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28627", datePublished: "2022-04-18T16:56:25.801912Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T17:03:20.195Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28617
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-17 00:35
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.727Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28617", datePublished: "2022-04-18T16:56:10.592086Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T00:35:44.063Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28619
Vulnerability from cvelistv5
Published
2022-04-18 16:56
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CGAL Project | libcgal |
Version: CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.937Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libcgal", vendor: "CGAL Project", versions: [ { status: "affected", version: "CGAL-5.1.1", }, ], }, ], datePublic: "2021-02-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-28619", datePublished: "2022-04-18T16:56:13.942016Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-16T18:24:52.296Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35635
Vulnerability from cvelistv5
Published
2021-08-30 00:00
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | CGAL Project |
Version: CGAL Project libcgal CGAL-5.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CGAL Project", vendor: "n/a", versions: [ { status: "affected", version: "CGAL Project libcgal CGAL-5.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-30T00:00:00", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { name: "[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { name: "GLSA-202305-34", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, ], }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-35635", datePublished: "2021-08-30T00:00:00", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-08-04T17:09:14.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SM_io_parser.h en la función SM_io_parser(Decorator_)::read_vertex() set_first_out_edge()", }, ], id: "CVE-2020-28611", lastModified: "2024-11-21T05:23:00.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.803", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of.", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_facet() fh-)boundary_entry_objects SEdge_of", }, ], id: "CVE-2020-28624", lastModified: "2024-11-21T05:23:02.993", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.433", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-04 20:15
Modified
2024-11-21 05:27
Severity ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código en la funcionalidad polygon-parsing de Nef de CGAL libcgal versión CGAL-5.1.1. Se presenta una vulnerabilidad de lectura oob en slh->incident_sface de la función SNC_io_parser::read_sloop() del archivo Nef_S2/SNC_io_parser.h. Un atacante puede proporcionar información malintencionada para desencadenar esta vulnerabilidad", }, ], id: "CVE-2020-35628", lastModified: "2024-11-21T05:27:44.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-04T20:15:13.253", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-30 18:15
Modified
2024-11-21 05:27
Severity ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código en la funcionalidad Nef polygon-parsing de CGAL libcgal versión CGAL-5.1.1. Se presenta una vulnerabilidad de lectura de oob en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sface() sfh-)boundary_entry_objects Sloop_of. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar esta vulnerabilidad.", }, ], id: "CVE-2020-35634", lastModified: "2024-11-21T05:27:45.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-30T18:15:07.900", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-04 20:15
Modified
2024-11-21 05:22
Severity ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código en la funcionalidad polygon-parsing de Nef de CGAL libcgal versión CGAL-5.1.1. Se presenta una vulnerabilidad de lectura OOB de Face_of[] de la función PM_io_parser::read_vertex() del archivo Nef_2/PM_io_parser.h. Un atacante puede proporcionar información maliciosa para desencadenar esta vulnerabilidad", }, ], id: "CVE-2020-28601", lastModified: "2024-11-21T05:22:59.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-04T20:15:12.910", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | Third Party Advisory | |
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_volume() ch-)shell_entry_objects()", }, ], id: "CVE-2020-28627", lastModified: "2024-11-21T05:23:03.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.583", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_vertex() vh-)shalfedges_begin()", }, ], id: "CVE-2020-28614", lastModified: "2024-11-21T05:23:01.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.953", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:27
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sface() SD.link_as_face_cycle()", }, ], id: "CVE-2020-35631", lastModified: "2024-11-21T05:27:44.643", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:14.157", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_facet() fh-)incident_volume()", }, ], id: "CVE-2020-28626", lastModified: "2024-11-21T05:23:03.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.537", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_edge() eh-)incident_sface()", }, ], id: "CVE-2020-28622", lastModified: "2024-11-21T05:23:02.683", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.337", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:22
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | Third Party Advisory | |
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_2/PM_io_parser.h en la función PM_io_parser(PMDEC)::read_hedge() e-)set_prev()", }, ], id: "CVE-2020-28603", lastModified: "2024-11-21T05:22:59.763", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.417", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of.", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_facet() fh-)boundary_entry_objects SLoop_of", }, ], id: "CVE-2020-28625", lastModified: "2024-11-21T05:23:03.150", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.487", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SM_io_parser.h en la función SM_io_parser(Decorator_)::read_vertex() set_face()", }, ], id: "CVE-2020-28610", lastModified: "2024-11-21T05:23:00.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.750", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código múltiple en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_2/PM_io_parser.h en la función PM_io_parser(PMDEC)::read_face() store_fc()", }, ], id: "CVE-2020-28608", lastModified: "2024-11-21T05:23:00.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.657", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sedge() seh-)next()", }, ], id: "CVE-2020-28634", lastModified: "2024-11-21T05:23:04.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.933", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:27
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sface() sfh-)center_vertex()", }, ], id: "CVE-2020-35630", lastModified: "2024-11-21T05:27:44.493", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:14.103", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:22
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_2/PM_io_parser.h en la función PM_io_parser(PMDEC)::read_hedge() e-)set_next()", }, ], id: "CVE-2020-28604", lastModified: "2024-11-21T05:22:59.920", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.463", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sedge() seh-)prev()", }, ], id: "CVE-2020-28633", lastModified: "2024-11-21T05:23:04.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.880", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-04 20:15
Modified
2024-11-21 05:27
Severity ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código en la funcionalidad polygon-parsing de Nef de CGAL libcgal versión CGAL-5.1.1 en Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. Un archivo con formato incorrecto especialmente diseñado puede provocar una lectura fuera de límites y confusión de tipos, lo que podría conducir a la ejecución del código. Un atacante puede proporcionar información malintencionada para desencadenar esta vulnerabilidad.", }, ], id: "CVE-2020-35636", lastModified: "2024-11-21T05:27:45.493", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-04T20:15:13.300", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_2/PM_io_parser.h en la función PM_io_parser(PMDEC)::read_face() store_iv()", }, ], id: "CVE-2020-28609", lastModified: "2024-11-21T05:23:00.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.703", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_facet() fh-)twin()", }, ], id: "CVE-2020-28623", lastModified: "2024-11-21T05:23:02.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.387", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_2/PM_io_parser.h en la función PM_io_parser(PMDEC)::read_hedge() e-)set_face()", }, ], id: "CVE-2020-28606", lastModified: "2024-11-21T05:23:00.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.560", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-30 18:15
Modified
2024-11-21 05:27
Severity ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código en la funcionalidad Nef polygon-parsing de CGAL libcgal versión CGAL-5.1.1. Se presenta una vulnerabilidad de lectura en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sface() store_sm_boundary_item() Edge_of. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar esta vulnerabilidad.", }, ], id: "CVE-2020-35633", lastModified: "2024-11-21T05:27:44.960", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-30T18:15:07.850", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_vertex() vh-)svertices_begin()", }, ], id: "CVE-2020-28612", lastModified: "2024-11-21T05:23:01.137", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.853", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | Third Party Advisory | |
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sedge() seh-)facet()", }, ], id: "CVE-2020-28635", lastModified: "2024-11-21T05:23:04.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.987", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | Third Party Advisory | |
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_vertex() vh-)sfaces_last()", }, ], id: "CVE-2020-28617", lastModified: "2024-11-21T05:23:01.873", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.093", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_vertex() vh-)sfaces_begin()", }, ], id: "CVE-2020-28616", lastModified: "2024-11-21T05:23:01.710", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.047", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_vertex() vh-)shalfloop()", }, ], id: "CVE-2020-28618", lastModified: "2024-11-21T05:23:02.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.140", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:27
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sloop() slh-)facet()", }, ], id: "CVE-2020-35629", lastModified: "2024-11-21T05:27:44.287", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:14.047", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_vertex() vh-)shalfedges_last()", }, ], id: "CVE-2020-28615", lastModified: "2024-11-21T05:23:01.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.000", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-30 18:15
Modified
2024-11-21 05:27
Severity ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código en la funcionalidad Nef polygon-parsing de CGAL libcgal versión CGAL-5.1.1, en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar esta vulnerabilidad.", }, ], id: "CVE-2020-35635", lastModified: "2024-11-21T05:27:45.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-30T18:15:07.947", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:27
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of.", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sface() sfh-)boundary_entry_objects Edge_of", }, ], id: "CVE-2020-35632", lastModified: "2024-11-21T05:27:44.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:14.213", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una lectura fuera de límites en el archivo Nef_2/PM_io_parser.h en la función PM_io_parser(PMDEC)::read_hedge() e-)set_vertex()", }, ], id: "CVE-2020-28605", lastModified: "2024-11-21T05:23:00.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.513", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex():.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex():.", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_edge() eh-)center_vertex():", }, ], id: "CVE-2020-28620", lastModified: "2024-11-21T05:23:02.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.240", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_volume() seh-)twin()", }, ], id: "CVE-2020-28628", lastModified: "2024-11-21T05:23:03.693", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.637", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sedge() seh-)sprev()", }, ], id: "CVE-2020-28629", lastModified: "2024-11-21T05:23:03.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.687", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sedge() seh-)incident_sface()", }, ], id: "CVE-2020-28632", lastModified: "2024-11-21T05:23:04.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.833", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_2/PM_io_parser.h en la función PM_io_parser(PMDEC)::read_face() set_halfedge()", }, ], id: "CVE-2020-28607", lastModified: "2024-11-21T05:23:00.377", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.610", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-04 20:15
Modified
2024-11-21 05:23
Severity ?
Summary
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código en la funcionalidad polygon-parsing de Nef de CGAL libcgal versión CGAL-5.1.1. Se presenta una vulnerabilidad de lectura oob en la función SNC_io_parser::read_sloop() slh->twin() del archivo Nef_S2/SNC_io_parser.h, Un atacante puede proporcionar información maliciosa para desencadenar esta vulnerabilidad", }, ], id: "CVE-2020-28636", lastModified: "2024-11-21T05:23:04.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-04T20:15:13.193", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_vertex() vh-)svertices_last()", }, ], id: "CVE-2020-28613", lastModified: "2024-11-21T05:23:01.287", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.903", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:22
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conducir a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_2/PM_io_parser.h en la función PM_io_parser(PMDEC)::read_vertex() Halfedge_of[]", }, ], id: "CVE-2020-28602", lastModified: "2024-11-21T05:22:59.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:12.363", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_edge() eh-)out_sedge()", }, ], id: "CVE-2020-28621", lastModified: "2024-11-21T05:23:02.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.287", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_edge() eh-)twin()", }, ], id: "CVE-2020-28619", lastModified: "2024-11-21T05:23:02.227", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.190", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código en la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sedge() seh-)snext()", }, ], id: "CVE-2020-28630", lastModified: "2024-11-21T05:23:04.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.737", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 05:23
Severity ?
Summary
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source().
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-34 | ||
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-34 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cgal | computational_geometry_algorithms_library | 5.1.1 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7C311021-93EC-4DA0-A65A-814821D1BD37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source().", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades de ejecución de código la funcionalidad de análisis de polígonos Nef de CGAL libcgal versión CGAL-5.1.1. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar cualquiera de estas vulnerabilidades. Se presenta una vulnerabilidad de lectura fuera de límites en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sedge() seh-)source()", }, ], id: "CVE-2020-28631", lastModified: "2024-11-21T05:23:04.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-18T17:15:13.783", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "talos-cna@cisco.com", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-129", }, ], source: "talos-cna@cisco.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }