Lucene search

TalosCVELIST:CVE-2020-13498

HistoryDec 02, 2020 - 5:30 p.m.

CVE-2020-13498

2020-12-0217:30:32

CWE-125

talos

www.cve.org

pixar openusd

vulnerability

information disclosure

out of bounds

memory access

exploitation

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

46.5%

JSON

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "Catalina 10.15.3",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Pixar",
    "product": "OpenUSD",
    "versions": [
      {
        "version": "20.05",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1105

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

46.5%

JSON

Related for CVELIST:CVE-2020-13498