Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTalosCVE-2020-13495
HistoryApr 18, 2022 - 5:15 p.m.

CVE-2020-13495

2022-04-1817:15:12
CWE-119
CWE-787
talos
web.nvd.nist.gov
38
cve-2020-13495
pixar openusd
vulnerability
memory access
file handling
exploit
information disclosure
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

Affected configurations

Nvd
Vulners
Node
applemac_os_xMatch10.15.3
AND
pixaropenusdMatch20.05
VendorProductVersionCPE
applemac_os_x10.15.3cpe:2.3:o:apple:mac_os_x:10.15.3:*:*:*:*:*:*:*
pixaropenusd20.05cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "status": "affected",
        "version": "Catalina 10.15.3"
      }
    ]
  },
  {
    "product": "OpenUSD",
    "vendor": "Pixar",
    "versions": [
      {
        "status": "affected",
        "version": "20.05"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
nvd
nvd
CVE-2020-13495
2022-04-18 17:15:12
prion
prion
Design/Logic Flaw
2022-04-18 17:15:00
cvelist
cvelist
CVE-2020-13495
2022-04-18 16:15:20

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON
Related for CVE-2020-13495
nvd1prion1cvelist1