Wednesday, August 4, 2021

Vulnerability Spotlight: Use-after-free vulnerability in tinyobjloader



Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered that a specific function of tinyobjloader does not properly validate array indexes. An adversary could trick a user into opening a specially crafted file, causing an index out-of-bounds condition, potentially leading to code execution. Tinyobjloader is an open-source loader for embedding the .obj loader into graphics-rendering projects.

In accordance with our coordinated disclosure policy, Cisco Talos worked with tinyobjloader to ensure that this issue is resolved and that an update is available for affected customers.

Vulnerability details

tinyobjloader LoadObj improper array index validation vulnerability (TALOS-2020-1212/CVE-2020-28589)

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 


Versions tested

Talos tested and confirmed that this vulnerability affects development commit 79d4421 and version 2.0-rc1 of tinyobjloader.


Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 56539, 56540

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.