CVE-2020-13495

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.3:*:*:*:*:*:*:*

History

26 Apr 2022, 18:51

Type	Values Removed	Values Added
CWE		CWE-787
CPE		cpe:2.3:a:pixar:openusd:20.05:::::::* cpe:2.3:o:apple:mac_os_x:10.15.3:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.3 v3 : 5.5
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104 -~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104 - Exploit, Third Party Advisory

18 Apr 2022, 17:45

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-04-18 17:15

Updated : 2024-02-04 22:29

NVD link : CVE-2020-13495

Mitre link : CVE-2020-13495

CVE.ORG link : CVE-2020-13495

JSON object : View

Products Affected

apple

mac_os_x

pixar

openusd

CWE

CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2020-13495", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-04-18T17:15:12.057", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file."}, {"lang": "es", "value": "Se presenta una vulnerabilidad explotable en la forma en que Pixar OpenUSD versi\u00f3n 20.05 maneja las compensaciones de archivos en los archivos binarios USD. Un archivo malformado especialmente dise\u00f1ado puede desencadenar un acceso arbitrario a la memoria fuera de l\u00edmites que podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n confidencial. Esta vulnerabilidad podr\u00eda usarse para omitir las mitigaciones y ayudar a una explotaci\u00f3n adicional. Para desencadenar esta vulnerabilidad, la v\u00edctima necesita acceder a un archivo proporcionado por el atacante"}], "lastModified": "2022-04-26T18:51:55.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2989B344-FD33-4F80-9204-4A85CC59CF90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F45EEAA6-3F24-4422-9747-A9137D54B547"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}