CVE-2020-35635

8.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through an out-of-bounds read and type confusion in CGAL's Nef polygon-parsing functionality. Attackers can exploit it by providing specially crafted malformed files to applications using the vulnerable library. Any system running an application that uses CGAL (libCGAL) to parse polygon files is potentially affected.

💻 Affected Systems

Products:
  • CGAL (Computational Geometry Algorithms Library)
Versions: CGAL-5.1.1 and earlier versions with the vulnerable code
Operating Systems: Linux, Unix-like systems, Windows (if compiled with vulnerable CGAL)
Default Config Vulnerable: ⚠️ Yes
Notes: Only applications that use CGAL's Nef polygon-parsing functionality are vulnerable; not every application built on CGAL is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full remote code execution with the privileges of the application using CGAL, potentially leading to complete system compromise.

🟠 Likely Case: Application crash (denial of service) or limited information disclosure through memory reads.

🟢 If Mitigated: No impact if the vulnerable library is not used or if input validation prevents malicious files.

🌐 Internet-Facing: MEDIUM - Requires applications to accept and process malicious polygon files from untrusted sources.
🏢 Internal Only: LOW - Typically requires user interaction to open malicious files or specific application functionality.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a specific malformed polygon file and getting it processed by a vulnerable application. The Talos report provides technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CGAL-5.1.2 and later

Vendor Advisory: https://www.cgal.org/

Restart Required: Yes

Instructions:

1. Update CGAL to version 5.1.2 or later.
2. Recompile any applications using CGAL with the updated library.
3. Restart affected services or applications.

🔧 Temporary Workarounds

Input validation and sanitization (all platforms): Implement strict validation of polygon files before processing with CGAL.

Disable Nef polygon parsing (all platforms): If not required, disable or remove functionality that uses CGAL's Nef polygon parsing.

🧯 If You Can't Patch

  • Isolate systems using CGAL from untrusted networks and users
  • Implement application allowlisting to prevent execution of untrusted polygon processing applications

🔍 How to Verify

Check if Vulnerable:

Check whether an application links CGAL and which version it uses: ldd /path/to/application | grep -i cgal, or query the package manager for the installed CGAL version. Note that CGAL is largely header-only, so an application may also have compiled the vulnerable code in directly; in that case check the CGAL version it was built against.

Check Version:

For source installations: check the CGAL version in the source tree or build configuration files (the version is recorded in the installed CGAL headers).

Verify Fix Applied:

Verify that the installed CGAL version is 5.1.2 or later: dpkg -l 'libcgal*' (Debian/Ubuntu) or rpm -qa | grep -i cgal (RHEL/Fedora).
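As an added example (not part of this advisory or of CGAL's own tooling), the following POSIX shell helper performs the version check described above: it compares a version string taken from dpkg, rpm or CGAL's own version header against the fixed release, tolerating package suffixes such as "5.1.2-1" and ordering "5.1.10" above "5.1.2". It assumes CGAL installs a header CGAL/version.h containing a line of the form "#define CGAL_VERSION 5.1.2".

```shell
#!/bin/sh
# Added example, not part of the advisory: decide whether an installed CGAL is
# at or above the fixed release (5.1.2). Assumption: CGAL ships
# <prefix>/include/CGAL/version.h with a line "#define CGAL_VERSION x.y.z".

FIXED_VERSION="5.1.2"

# version_ge A B: succeed if dotted version A >= B, comparing up to three
# numeric components. A Debian epoch ("1:") and any package suffix ("-1") are
# ignored, so "1:5.1.2-1" compares as 5.1.2 and "5.1.10" sorts above "5.1.2".
version_ge() {
    a="${1#*:}.0.0"; b="${2#*:}.0.0"; i=1   # pad so every field exists
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i"); x=${x%%[!0-9]*}
        y=$(printf '%s\n' "$b" | cut -d. -f"$i"); y=${y%%[!0-9]*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 0   # all three components equal
}

# cgal_version_from_header FILE: print the version recorded in CGAL/version.h.
# The trailing whitespace in the pattern keeps CGAL_VERSION_NR from matching.
cgal_version_from_header() {
    sed -n 's/^#define CGAL_VERSION[[:space:]]\{1,\}\([0-9][0-9.]*\).*/\1/p' "$1"
}

# cgal_status VERSION: print "fixed" or "vulnerable" for the given version.
cgal_status() {
    if version_ge "$1" "$FIXED_VERSION"; then echo fixed; else echo vulnerable; fi
}

# Stand-alone use: pass either a version string or a path to CGAL/version.h,
# e.g.  ./cgal_check.sh "$(dpkg-query -W -f '${Version}' libcgal-dev)"
if [ "$#" -gt 0 ]; then
    if [ -f "$1" ]; then v=$(cgal_version_from_header "$1"); else v=$1; fi
    printf 'CGAL %s: %s (fixed in %s)\n' "$v" "$(cgal_status "$v")" "$FIXED_VERSION"
fi
```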

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults when processing polygon files
  • Unexpected memory access errors in CGAL-related processes

Network Indicators:

  • Unusual file transfers of polygon files to vulnerable systems

SIEM Query:

Process: (name contains 'cgal' OR command_line contains 'cgal') AND (event_type = 'crash' OR exit_code = '139')
