CVE-2020-35633

8.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through a specially crafted file that triggers an out-of-bounds read and type confusion in CGAL's Nef polygon-parsing functionality. Attackers can exploit this by providing malicious input to applications using the vulnerable library. Systems using CGAL for computational geometry operations are affected.

💻 Affected Systems

Products:
  • CGAL (Computational Geometry Algorithms Library)
Versions: CGAL-5.1.1 and earlier versions with Nef polygon functionality
Operating Systems: Linux, Windows, macOS - any OS running CGAL
Default Config Vulnerable: ⚠️ Yes
Notes: Only applications using CGAL's Nef_S2/SNC_io_parser.h functionality are vulnerable. Many CGAL applications may not use this specific component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with arbitrary code execution leading to data theft, system takeover, or lateral movement within the network.

🟠 Likely Case

Application crash (denial of service) or limited code execution within the context of the vulnerable application.

🟢 If Mitigated

Application crash with no code execution if memory protections (ASLR, DEP) are effective.

🌐 Internet-Facing: MEDIUM - Requires file upload or processing capability, but many CGAL applications may not be directly internet-facing.
🏢 Internal Only: MEDIUM - Internal applications processing untrusted geometry files could be exploited by malicious insiders or through compromised systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a specific malformed file and getting it processed by a vulnerable application. Talos Intelligence has published a detailed analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CGAL-5.1.2 and later

Vendor Advisory: https://www.cgal.org/

Restart Required: Yes

Instructions:

1. Update CGAL to version 5.1.2 or later.
2. Recompile any applications using CGAL.
3. Restart affected services/applications.

🔧 Temporary Workarounds

Input Validation (platforms: all)

Implement strict validation of polygon files before processing with CGAL

Disable Nef Polygon Parsing (platforms: all)

If not required, disable or remove Nef polygon functionality from the application

🧯 If You Can't Patch

  • Isolate systems using CGAL behind network segmentation
  • Implement strict file upload controls and sandbox processing of geometry files

🔍 How to Verify

Check if Vulnerable:

Check CGAL version: dpkg -l | grep libcgal (Debian/Ubuntu) or rpm -qa | grep -i cgal (RHEL/CentOS)

Check Version:

For source installations: check CGAL version in source code or configuration files

Verify Fix Applied:

Verify CGAL version is 5.1.2 or higher and applications have been recompiled
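As an added example (not part of this advisory), a POSIX shell helper that applies the version check above: it reads the installed CGAL version from dpkg, rpm, or a CGAL version.h header and compares it against the fixed release 5.1.2. The package-name globs (libcgal*, CGAL*), the header path and the CGAL_VERSION macro form are assumptions about typical installs.

```sh
# Added example, not from the advisory: flag CGAL installs older than the
# fixed release 5.1.2 named above (the affected range for CVE-2020-35633).
FIXED_VERSION="5.1.2"

# cgal_version_lt A B -> exit 0 when dotted version A is older than B.
# Epoch prefixes ("1:") and Debian/RPM suffixes ("-1", "+dfsg") are stripped.
cgal_version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/^[0-9]+:/, "", a); sub(/[-+].*$/, "", a)
        sub(/^[0-9]+:/, "", b); sub(/[-+].*$/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing components count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal, so not older
    }'
}

# cgal_affected VERSION -> exit 0 when VERSION is in the affected range.
cgal_affected() { cgal_version_lt "$1" "$FIXED_VERSION"; }

# cgal_version_from_header FILE -> print the CGAL_VERSION macro value from a
# CGAL version.h (assumed to contain a line like "#define CGAL_VERSION 5.1.2").
cgal_version_from_header() {
    awk '$1 == "#define" && $2 == "CGAL_VERSION" { print $3; exit }' "$1"
}

# installed_cgal_version -> print the first version found via dpkg, rpm, or the
# system header. The package globs (libcgal*, CGAL*) are assumptions.
installed_cgal_version() {
    v=""
    command -v dpkg-query >/dev/null 2>&1 &&
        v=$(dpkg-query -W -f='${Version}\n' 'libcgal*' 2>/dev/null | head -n 1)
    [ -z "$v" ] && command -v rpm >/dev/null 2>&1 &&
        v=$(rpm -qa --qf '%{VERSION}\n' 'CGAL*' 2>/dev/null | head -n 1)
    [ -z "$v" ] && [ -r /usr/include/CGAL/version.h ] &&
        v=$(cgal_version_from_header /usr/include/CGAL/version.h)
    printf '%s\n' "$v"
}
# cgal_check_installed -> 0 affected, 1 not affected, 2 no CGAL found.
cgal_check_installed() {
    v=$(installed_cgal_version)
    [ -n "$v" ] || { echo "CGAL not found"; return 2; }
    cgal_affected "$v" && { echo "CGAL $v: affected, update to $FIXED_VERSION or later"; return 0; }
    echo "CGAL $v: not affected"; return 1
}
```

Source the file and run `cgal_check_installed`; its exit status (0/1/2) makes it usable from inventory scripts as well as interactively.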

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing geometry files
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual file uploads to geometry processing services

SIEM Query:

source="application.log" AND ("segmentation fault" OR "access violation" OR "out of bounds") AND process="*cgal*"
