CVE-2020-28599

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Openscad version openscad-2020.12-RC2

Description: A stack-based buffer overflow vulnerability exists in the import stl.cc:import stl() functionality. This vulnerability can be triggered by a specially crafted STL file, potentially leading to code execution. An attacker can exploit this issue by providing a malicious file.

Recommendations: For Openscad version openscad-2020.12-RC2, consider avoiding the use of the import stl() functionality until a patch is available. As a temporary workaround, restrict the import of STL files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

CVE-2020-28599

MGASA-2021-0157

Affected Products

Openscad

CVE-2020-28599

Weakness Enumeration

Related Identifiers

Affected Products

References · 26