CVE-2020-35629

8.8 HIGH

📋 TL;DR

This vulnerability in the CGAL library allows remote code execution through specially crafted polygon files. Attackers can exploit out-of-bounds read and type confusion flaws in the parser to execute arbitrary code on affected systems. Any application that uses CGAL for polygon parsing is potentially vulnerable.

💻 Affected Systems

Products:
  • CGAL (Computational Geometry Algorithms Library)
Versions: CGAL-5.1.1 and earlier versions with Nef polygon functionality
Operating Systems: Linux, Unix-like systems, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only applications using CGAL's Nef polygon parsing functionality are affected. Many CGAL users may not use this specific feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Application crash leading to denial of service, with potential for limited code execution depending on application context and memory protections.

🟢 If Mitigated

Application crash without code execution if modern exploit mitigations (ASLR, DEP) are effective, though information disclosure may still occur.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires specially crafted polygon files and knowledge of the vulnerable parsing functionality. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CGAL-5.1.2 and later

Vendor Advisory: https://www.cgal.org/

Restart Required: Yes

Instructions:

1. Update CGAL to version 5.1.2 or later.
2. Recompile any applications using CGAL.
3. Restart affected services.
4. For Linux distributions, use the package manager: 'sudo apt update && sudo apt upgrade libcgal-dev' (Debian/Ubuntu) or 'sudo yum update CGAL' (RHEL/CentOS).

🔧 Temporary Workarounds

Disable Nef polygon parsing

all

Modify applications to avoid using CGAL's Nef polygon parsing functionality if not required.

Input validation

all

Implement strict validation of polygon files before passing to CGAL parsing functions.

🧯 If You Can't Patch

  • Network segmentation to isolate systems using CGAL
  • Implement strict file upload controls and scanning for polygon files

🔍 How to Verify

Check if Vulnerable:

Check CGAL version: 'pkg-config --modversion cgal' or check installed packages for CGAL version 5.1.1 or earlier.

Check Version:

pkg-config --modversion cgal || dpkg -l | grep libcgal || rpm -qa | grep -i cgal

Verify Fix Applied:

Verify CGAL version is 5.1.2 or later using version check command and test polygon parsing functionality.
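The version check above can be scripted so that distro package strings and the `CGAL_VERSION` macro in `CGAL/version.h` are compared against the fixed release. This is an added example, not code from the CGAL project or the original page; the function names, the `-H` option and the header path passed to it are assumptions.

```shell
#!/bin/sh
# Added example (not CGAL project code): decide whether a CGAL version string
# falls in the affected range on this page (5.1.1 and earlier; fixed in 5.1.2).
FIXED_VERSION="5.1.2"

# Reduce a distro package version such as "1:5.0.2-3build1" to "5.0.2".
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[^0-9.].*$//'
}

# Read the CGAL_VERSION macro from a CGAL/version.h file. The header path is
# supplied by the caller; install locations vary and are an assumption.
version_from_header() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}CGAL_VERSION[[:space:]]\{1,\}\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# version_lt A B: succeed when dotted version A is numerically lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1
}

# Print "vulnerable", "fixed" or "unknown" for a raw version string.
cgal_status() {
    v=$(normalize_version "$1")
    case $v in ''|.*) echo unknown; return 0 ;; esac
    if version_lt "$v" "$FIXED_VERSION"; then echo vulnerable; else echo fixed; fi
}

# Stand-alone use: ./cgal_check.sh 5.1.1   or   ./cgal_check.sh -H path/to/CGAL/version.h
if [ "$#" -ge 2 ] && [ "$1" = "-H" ]; then
    cgal_status "$(version_from_header "$2")"
elif [ "$#" -ge 1 ]; then
    cgal_status "$1"
fi
```

Applications that bundle or statically build against their own copy of the CGAL headers will not be reflected in the system package version, so check the header they were actually compiled with.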

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing polygon files
  • Memory access violation errors in application logs
  • Unexpected process termination of CGAL-based applications

Network Indicators:

  • Unusual file uploads to applications using CGAL
  • Network traffic patterns suggesting file transfer to vulnerable services

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "access violation" OR "out of bounds") AND process="*cgal*"
