CVE-2020-36428

8.8 HIGH

📋 TL;DR

This vulnerability in the matio library allows a heap-based buffer overflow when processing specially crafted MAT files. Attackers could execute arbitrary code or cause a denial of service. Any application that uses matio 1.5.18 through 1.5.21 to read MAT files is affected.

💻 Affected Systems

Products:
  • matio (MAT File I/O Library)
Versions: 1.5.18 through 1.5.21
Operating Systems: All platforms where matio is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses matio to read MAT files is vulnerable. This includes scientific computing tools, data analysis software, and MATLAB-compatible applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash (denial of service) or limited memory corruption leading to instability.

🟢 If Mitigated

Controlled crash with no code execution if memory protections (ASLR, DEP) are effective.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof-of-concept available through OSS-Fuzz. Exploitation requires crafting a malicious MAT file and getting it processed by vulnerable software.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.22 and later

Vendor Advisory: https://github.com/tbeu/matio/releases

Restart Required: Yes

Instructions:

1. Identify applications using matio.
2. Update matio library to version 1.5.22 or later.
3. Rebuild applications if statically linked.
4. Restart affected services.

🔧 Temporary Workarounds

Input validation for MAT files

Platform: all

Implement strict validation of MAT files before processing with matio library

Memory protection hardening

Platform: linux

Enable ASLR, DEP, and other memory protection mechanisms

sysctl -w kernel.randomize_va_space=2

🧯 If You Can't Patch

  • Restrict processing of untrusted MAT files
  • Isolate matio-dependent applications in containers or sandboxes

🔍 How to Verify

Check if Vulnerable:

Check the matio version with matio-config --version, or run ldd on application binaries to see which matio library they link against.

Check Version:

matio-config --version || grep -r "libmatio" /usr/lib* || ldd <application> | grep matio

Verify Fix Applied:

Confirm matio version is 1.5.22 or later and test with known malicious MAT files
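
The version check above can be scripted across an inventory. The following is an added example, not part of the advisory or the matio project: it classifies a version string against the range stated on this page (1.5.18 through 1.5.21, fixed in 1.5.22). The function names, host names and package versions are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the advisory. Range taken from the advisory text:
# affected 1.5.18 through 1.5.21, fixed in 1.5.22 and later.

# matio_status VERSION -> vulnerable | fixed | not-affected | unknown
matio_status() {
    # Drop a package epoch ("1:") and any prefix/suffix ("v", "-1build2"),
    # keeping only the upstream MAJOR.MINOR.PATCH triple.
    ver=$(printf '%s\n' "$1" | sed -n \
        's/^[0-9]*://; s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    # Fold the triple into one integer so the range test is a plain comparison.
    n=$(( $1 * 1000000 + $2 * 1000 + $3 ))
    if   [ "$n" -lt 1005018 ]; then echo not-affected   # older than the listed range
    elif [ "$n" -le 1005021 ]; then echo vulnerable     # 1.5.18 .. 1.5.21
    else                            echo fixed          # 1.5.22 and later
    fi
}

# vulnerable_hosts: read "HOST VERSION" lines on stdin and print the hosts
# whose matio version falls in the affected range.
vulnerable_hosts() {
    while read -r host version; do
        case $host in ''|\#*) continue ;; esac
        if [ "$(matio_status "$version")" = vulnerable ]; then echo "$host"; fi
    done
    return 0
}

# Constructed inventory (hypothetical host names and package versions).
SAMPLE_INVENTORY='# host    matio version
build01    1.5.17-3
lab-ws3    1.5.19-2
ci-runner  1:1.5.21-1build2
analysis7  1.5.23'

printf '%s\n' "$SAMPLE_INVENTORY" | vulnerable_hosts
# Local check, if pkg-config metadata for matio is installed:
#   matio_status "$(pkg-config --modversion matio)"
```

A distribution package can carry a backported fix under an affected upstream version number, so a "vulnerable" result is a prompt to check the package changelog. Statically linked copies of matio do not appear in package inventories and need a rebuild as described in the fix instructions.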

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory corruption errors in application logs
  • Unexpected process termination

Network Indicators:

  • Unexpected MAT file transfers to vulnerable systems
  • MAT files from untrusted sources

SIEM Query:

process.name="*" AND event.action="segmentation fault" AND process.args:"matio"
