CVE-2020-28600: 
NixOS vulnerability analysis and mitigation

CVE-2020-28600 is an out-of-bounds write vulnerability discovered in the importstl.cc:importstl() functionality of Openscad version openscad-2020.12-RC2. The vulnerability was discovered by Lilith of Cisco Talos and publicly disclosed on February 23, 2021, following vendor notification on January 11, 2021 (Talos).

The vulnerability exists in the STL file import functionality of OpenSCAD, specifically in the importstl() function. When processing vertex coordinates in STL files, if a vertex coordinate raises an error from boost::lexicalcast, the code sets an index variable 'i' to 10, which later leads to an out-of-bounds write to vdata[10][v]. This can result in overwriting a pointer inside a boost::sharedptr, allowing controlled manipulation during the sharedptr's destructor. The vulnerability has been assigned a CVSS v3.0 score of 8.8 (HIGH) with vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Talos).

The vulnerability can lead to arbitrary code execution when a specially crafted STL file is loaded into OpenSCAD. This occurs when a user either loads or writes an OpenSCAD script that references the malicious STL file (Debian).

The vulnerability was addressed in subsequent versions of OpenSCAD. Users should update to a patched version of the software. The fix was also backported to various Linux distributions, including Debian 10 (Buster) (Debian).