cvelistv5 - cve-2020-3877

CVE-2020-3877 (GCVE-0-2020-3877)

Vulnerability from cvelistv5 – Published: 2020-02-27 20:45 – Updated: 2024-08-04 07:44

Summary

Severity ?

No CVSS data available.

CWE

A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT210919	x_refsource_MISC
	https://support.apple.com/HT210921	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

macOS

Affected: unspecified , < macOS Catalina 10.15.3 (custom)

Apple

watchOS

Affected: unspecified , < watchOS 6.1.2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:44:51.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210919"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210921"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "macOS Catalina 10.15.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "watchOS 6.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-27T20:45:05",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210919"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210921"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-3877",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "macOS Catalina 10.15.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "watchOS 6.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210919",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210919"
            },
            {
              "name": "https://support.apple.com/HT210921",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210921"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-3877",
    "datePublished": "2020-02-27T20:45:05",
    "dateReserved": "2019-12-18T00:00:00",
    "dateUpdated": "2024-08-04T07:44:51.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.15.3\", \"matchCriteriaId\": \"65C519D7-6C7C-4DDE-9D83-EE31E749AAFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.1.2\", \"matchCriteriaId\": \"53578351-17EB-4C7E-B736-78F0D01AF5DA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 una lectura fuera de l\\u00edmites con una comprobaci\\u00f3n de entrada mejorada. Este problema es corregido en macOS Catalina versi\\u00f3n 10.15.3, watchOS versi\\u00f3n 6.1.2. Un atacante remoto puede causar una finalizaci\\u00f3n inesperada de la aplicaci\\u00f3n o una ejecuci\\u00f3n de c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2020-3877",
      "lastModified": "2024-11-21T05:31:52.947",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-02-27T21:15:18.787",
      "references": "[{\"url\": \"https://support.apple.com/HT210919\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210921\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210919\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210921\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3877\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-02-27T21:15:18.787\",\"lastModified\":\"2024-11-21T05:31:52.947\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 una lectura fuera de l\u00edmites con una comprobaci\u00f3n de entrada mejorada. Este problema es corregido en macOS Catalina versi\u00f3n 10.15.3, watchOS versi\u00f3n 6.1.2. Un atacante remoto puede causar una finalizaci\u00f3n inesperada de la aplicaci\u00f3n o una ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.3\",\"matchCriteriaId\":\"65C519D7-6C7C-4DDE-9D83-EE31E749AAFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.2\",\"matchCriteriaId\":\"53578351-17EB-4C7E-B736-78F0D01AF5DA\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT210919\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210921\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210921\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-063

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina versions antérieures à 10.15.3
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-001
Apple	N/A	iCloud pour Windows versions 10.x antérieures à 10.9.2
Apple	N/A	iOS versions antérieures à 13.3.1
Apple	N/A	watchOS versions antérieures à6.1.2
Apple	N/A	iCloud pour Windows versions antérieures à 7.17
Apple	Safari	Safari versions antérieures à 13.0.5
Apple	N/A	iPadOS versions antérieures à 13.3.1
Apple	N/A	tvOS versions antérieures à13.3.1
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-001
Apple	N/A	iTunes versions antérieures à 12.10.4

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT210918 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210948 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210923 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210922 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210921 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210947 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210920 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210919 du 28 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2020-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions 10.x ant\u00e9rieures \u00e0 10.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e06.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e013.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2020-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3859"
    },
    {
      "name": "CVE-2020-3878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3878"
    },
    {
      "name": "CVE-2020-3860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3860"
    },
    {
      "name": "CVE-2020-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3838"
    },
    {
      "name": "CVE-2020-3873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3873"
    },
    {
      "name": "CVE-2020-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3855"
    },
    {
      "name": "CVE-2019-18634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
    },
    {
      "name": "CVE-2020-3869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3869"
    },
    {
      "name": "CVE-2020-3843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3843"
    },
    {
      "name": "CVE-2020-3862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3862"
    },
    {
      "name": "CVE-2020-3865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3865"
    },
    {
      "name": "CVE-2020-3853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3853"
    },
    {
      "name": "CVE-2020-3857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3857"
    },
    {
      "name": "CVE-2020-3858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3858"
    },
    {
      "name": "CVE-2020-3849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3849"
    },
    {
      "name": "CVE-2020-3845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3845"
    },
    {
      "name": "CVE-2020-3870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3870"
    },
    {
      "name": "CVE-2020-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3837"
    },
    {
      "name": "CVE-2020-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3834"
    },
    {
      "name": "CVE-2020-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3831"
    },
    {
      "name": "CVE-2020-3830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3830"
    },
    {
      "name": "CVE-2020-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3835"
    },
    {
      "name": "CVE-2020-3848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3848"
    },
    {
      "name": "CVE-2020-3841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3841"
    },
    {
      "name": "CVE-2020-3872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3872"
    },
    {
      "name": "CVE-2020-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3826"
    },
    {
      "name": "CVE-2020-3867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3867"
    },
    {
      "name": "CVE-2020-3828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3828"
    },
    {
      "name": "CVE-2020-3850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3850"
    },
    {
      "name": "CVE-2020-3839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3839"
    },
    {
      "name": "CVE-2020-3842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3842"
    },
    {
      "name": "CVE-2020-3827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3827"
    },
    {
      "name": "CVE-2020-3874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3874"
    },
    {
      "name": "CVE-2020-3854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3854"
    },
    {
      "name": "CVE-2020-3871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3871"
    },
    {
      "name": "CVE-2019-11043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
    },
    {
      "name": "CVE-2020-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3833"
    },
    {
      "name": "CVE-2020-3844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3844"
    },
    {
      "name": "CVE-2020-3877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3877"
    },
    {
      "name": "CVE-2020-3868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3868"
    },
    {
      "name": "CVE-2020-3856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3856"
    },
    {
      "name": "CVE-2020-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3846"
    },
    {
      "name": "CVE-2020-3861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3861"
    },
    {
      "name": "CVE-2020-3825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3825"
    },
    {
      "name": "CVE-2020-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3840"
    },
    {
      "name": "CVE-2020-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3829"
    },
    {
      "name": "CVE-2020-3836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3836"
    },
    {
      "name": "CVE-2020-3875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3875"
    },
    {
      "name": "CVE-2020-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3847"
    },
    {
      "name": "CVE-2020-3866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3866"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-063",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-29T00:00:00.000000"
    },
    {
      "description": "Ajout des avis HT210947 et HT210948 du 28 janvier 2020",
      "revision_date": "2020-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210918 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210918"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210948 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210948"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210923 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210923"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210922 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210922"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210921 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210921"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210947 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210947"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210920 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210920"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210919 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210919"
    }
  ]
}

CERTFR-2020-AVI-063

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina versions antérieures à 10.15.3
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-001
Apple	N/A	iCloud pour Windows versions 10.x antérieures à 10.9.2
Apple	N/A	iOS versions antérieures à 13.3.1
Apple	N/A	watchOS versions antérieures à6.1.2
Apple	N/A	iCloud pour Windows versions antérieures à 7.17
Apple	Safari	Safari versions antérieures à 13.0.5
Apple	N/A	iPadOS versions antérieures à 13.3.1
Apple	N/A	tvOS versions antérieures à13.3.1
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-001
Apple	N/A	iTunes versions antérieures à 12.10.4

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT210918 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210948 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210923 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210922 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210921 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210947 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210920 du 28 janvier 2020	None	vendor-advisory
Bulletin de sécurité Apple HT210919 du 28 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2020-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions 10.x ant\u00e9rieures \u00e0 10.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e06.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e013.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra sans le correctif de s\u00e9curit\u00e9 2020-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3859"
    },
    {
      "name": "CVE-2020-3878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3878"
    },
    {
      "name": "CVE-2020-3860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3860"
    },
    {
      "name": "CVE-2020-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3838"
    },
    {
      "name": "CVE-2020-3873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3873"
    },
    {
      "name": "CVE-2020-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3855"
    },
    {
      "name": "CVE-2019-18634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
    },
    {
      "name": "CVE-2020-3869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3869"
    },
    {
      "name": "CVE-2020-3843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3843"
    },
    {
      "name": "CVE-2020-3862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3862"
    },
    {
      "name": "CVE-2020-3865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3865"
    },
    {
      "name": "CVE-2020-3853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3853"
    },
    {
      "name": "CVE-2020-3857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3857"
    },
    {
      "name": "CVE-2020-3858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3858"
    },
    {
      "name": "CVE-2020-3849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3849"
    },
    {
      "name": "CVE-2020-3845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3845"
    },
    {
      "name": "CVE-2020-3870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3870"
    },
    {
      "name": "CVE-2020-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3837"
    },
    {
      "name": "CVE-2020-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3834"
    },
    {
      "name": "CVE-2020-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3831"
    },
    {
      "name": "CVE-2020-3830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3830"
    },
    {
      "name": "CVE-2020-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3835"
    },
    {
      "name": "CVE-2020-3848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3848"
    },
    {
      "name": "CVE-2020-3841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3841"
    },
    {
      "name": "CVE-2020-3872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3872"
    },
    {
      "name": "CVE-2020-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3826"
    },
    {
      "name": "CVE-2020-3867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3867"
    },
    {
      "name": "CVE-2020-3828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3828"
    },
    {
      "name": "CVE-2020-3850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3850"
    },
    {
      "name": "CVE-2020-3839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3839"
    },
    {
      "name": "CVE-2020-3842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3842"
    },
    {
      "name": "CVE-2020-3827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3827"
    },
    {
      "name": "CVE-2020-3874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3874"
    },
    {
      "name": "CVE-2020-3854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3854"
    },
    {
      "name": "CVE-2020-3871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3871"
    },
    {
      "name": "CVE-2019-11043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
    },
    {
      "name": "CVE-2020-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3833"
    },
    {
      "name": "CVE-2020-3844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3844"
    },
    {
      "name": "CVE-2020-3877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3877"
    },
    {
      "name": "CVE-2020-3868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3868"
    },
    {
      "name": "CVE-2020-3856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3856"
    },
    {
      "name": "CVE-2020-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3846"
    },
    {
      "name": "CVE-2020-3861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3861"
    },
    {
      "name": "CVE-2020-3825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3825"
    },
    {
      "name": "CVE-2020-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3840"
    },
    {
      "name": "CVE-2020-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3829"
    },
    {
      "name": "CVE-2020-3836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3836"
    },
    {
      "name": "CVE-2020-3875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3875"
    },
    {
      "name": "CVE-2020-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3847"
    },
    {
      "name": "CVE-2020-3866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3866"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-063",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-29T00:00:00.000000"
    },
    {
      "description": "Ajout des avis HT210947 et HT210948 du 28 janvier 2020",
      "revision_date": "2020-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210918 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210918"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210948 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210948"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210923 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210923"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210922 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210922"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210921 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210921"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210947 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210947"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210920 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210920"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT210919 du 28 janvier 2020",
      "url": "https://support.apple.com/en-us/HT210919"
    }
  ]
}

GHSA-J8JM-XPP4-34XM

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-3877"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-27T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
  "id": "GHSA-j8jm-xpp4-34xm",
  "modified": "2022-05-24T17:09:49Z",
  "published": "2022-05-24T17:09:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3877"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210919"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210921"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2020-04830

Vulnerability from cnvd - Published: 2020-02-12

Title

Apple macOS Catalina越界读取漏洞

Description

Apple macOS Catalina是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。sips是其中的一个图片处理组件。 Apple macOS Catalina存在越界读取漏洞。远程攻击者可利用漏洞导致意外的应用程序终止或任意代码执行。

Severity

高

Patch Name

Apple macOS Catalina越界读取漏洞的补丁

Patch Description

Apple macOS Catalina是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。sips是其中的一个图片处理组件。 Apple macOS Catalina存在越界读取漏洞。远程攻击者可利用漏洞导致意外的应用程序终止或任意代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://seclists.org/fulldisclosure/2020/Jan/40

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-3877

Impacted products

Name
Apple macOS Catalina

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3877"
    }
  },
  "description": "Apple macOS Catalina\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002sips\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u56fe\u7247\u5904\u7406\u7ec4\u4ef6\u3002\n\nApple macOS Catalina\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u610f\u5916\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec8\u6b62\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://seclists.org/fulldisclosure/2020/Jan/40",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04830",
  "openTime": "2020-02-12",
  "patchDescription": "Apple macOS Catalina\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002sips\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u56fe\u7247\u5904\u7406\u7ec4\u4ef6\u3002\r\n\r\nApple macOS Catalina\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u610f\u5916\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec8\u6b62\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Catalina\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple macOS Catalina"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3877",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-05",
  "title": "Apple macOS Catalina\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}

FKIE_CVE-2020-3877

Vulnerability from fkie_nvd - Published: 2020-02-27 21:15 - Updated: 2024-11-21 05:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT210919	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT210921	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210919	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210921	Release Notes, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*
	apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C519D7-6C7C-4DDE-9D83-EE31E749AAFF",
              "versionEndExcluding": "10.15.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53578351-17EB-4C7E-B736-78F0D01AF5DA",
              "versionEndExcluding": "6.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 una lectura fuera de l\u00edmites con una comprobaci\u00f3n de entrada mejorada. Este problema es corregido en macOS Catalina versi\u00f3n 10.15.3, watchOS versi\u00f3n 6.1.2. Un atacante remoto puede causar una finalizaci\u00f3n inesperada de la aplicaci\u00f3n o una ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2020-3877",
  "lastModified": "2024-11-21T05:31:52.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-27T21:15:18.787",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210919"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210921"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202002-1190

Vulnerability from variot - Updated: 2023-12-18 11:17

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Messages. User interaction is required to exploit this vulnerability in that the target must open the Messages application.The specific flaw exists within the HandwritingProvider module in the Messages application. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Both Apple watchOS and Apple macOS Catalina are products of Apple Inc. in the United States. Apple macOS Catalina is a dedicated operating system developed for Mac computers. A buffer error vulnerability exists in the AnnotationKit component in Apple watchOS versions prior to 6.1.2 and macOS Catalina versions prior to 10.15.3. CVE-2020-3877: an anonymous researcher working with Trend Micro's Zero Day Initiative

Audio Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

ImageIO Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3870 CVE-2020-3878: Samuel Groß of Google Project Zero

IOAcceleratorFamily Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3837: Brandon Azad of Google Project Zero

Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: An access issue was addressed with improved memory management. CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of Cognite

Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3842: Ned Williamson working with Google Project Zero

Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-3834: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc, Luyi Xing of Indiana University Bloomington

Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-3860: Proteas of Qihoo 360 Nirvan Team

Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3853: Brandon Azad of Google Project Zero

libxpc Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2020-3856: Ian Beer of Google Project Zero

libxpc Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-3829: Ian Beer of Google Project Zero

wifivelocityd Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Additional recognition

IOSurface We would like to acknowledge Liang Chen (@chenliang0817) for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4whoIACgkQBz4uGe3y 0M2stQ/+OuyWKYzmyoukbioqc52unZuM9BR/7DSPTXV3V2DZiOnbB9g/GjSXfZ6B MwgIrhKfXW3krfSQFgeQVeAeoZWSYNpp3+C+gmc1o1sJwuFOIljiLGLAZGYh18u+ /eLLKFPQEmTn7JxQyIltCmVba3RHK0/ejmM9Ixrxz7LfwDlYJAJpfUnv7othupHx 17VvkPb4FRIiwpi1XF3iqDAtm6KXe8PJth5HaLpvLFUFo+AqEIF1UdK6iB4Sn6GO Qm5xmuJHLZvz6Bbz211LcWmyR5qFtp/FsIDIR9kX8g1DnaUY4/7atF5CAwA4hiz5 dW+2hYwG7XLg2b0i+MMatEOrT90CAfb1gMK2WdAbPOfVkuCDAM4GAGI1EkCYPUhP /nxw9EVPlfSkxqcIRgw4dg3T3Sij29UAoh8R11I+Q4rkWZU6t8QDohZ8Nwo1W3DZ XCa5sRmoXw5oKgQTby+aDd2Bk5IeLWThOJy0sx42BlMAhynh008PJZmFIQLXwgiI 5Scf2BMc8SxO1TwuyTyOoOx3Y82PfFw1Pw7dgoNlXcMZa/nzSUEzg7zJhKr3JGs+ tusuHY5pFE5ATTVifBPREyPc79KhaLF4BjlH58VYaPw09jyC0cb8C61foGsR1BjT Ua+Wg313tcHsC4gUUFn9dtLzJcgx+7GlDglpAPGIxd7OOeotvD8= =ZxyW -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1190",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.3"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.15.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "message",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.9.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.9.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.9.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.2"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-3877"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-216"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-3877",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002297",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-182002",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002297",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-3877",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-3877",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-002297",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-3877",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1441",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-182002",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-182002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Messages. User interaction is required to exploit this vulnerability in that the target must open the Messages application.The specific flaw exists within the HandwritingProvider module in the Messages application. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Both Apple watchOS and Apple macOS Catalina are products of Apple Inc. in the United States. Apple macOS Catalina is a dedicated operating system developed for Mac computers. A buffer error vulnerability exists in the AnnotationKit component in Apple watchOS versions prior to 6.1.2 and macOS Catalina versions prior to 10.15.3. \nCVE-2020-3877: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nAudio\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team\n\nImageIO\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3870\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-3837: Brandon Azad of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-3875: Brandon Azad of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2020-3836: Brandon Azad of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3872: Haakon Garseg M\u00f8rk of Cognite and Cim Stordal of\nCognite\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-3842: Ned Williamson working with Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-3834: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc,\nLuyi Xing of Indiana University Bloomington\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-3860: Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-3853: Brandon Azad of Google Project Zero\n\nlibxpc\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted string may lead to heap\ncorruption\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-3856: Ian Beer of Google Project Zero\n\nlibxpc\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-3829: Ian Beer of Google Project Zero\n\nwifivelocityd\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2020-3838: Dayton Pidhirney (@_watbulb)\n\nAdditional recognition\n\nIOSurface\nWe would like to acknowledge Liang Chen (@chenliang0817) for their\nassistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4whoIACgkQBz4uGe3y\n0M2stQ/+OuyWKYzmyoukbioqc52unZuM9BR/7DSPTXV3V2DZiOnbB9g/GjSXfZ6B\nMwgIrhKfXW3krfSQFgeQVeAeoZWSYNpp3+C+gmc1o1sJwuFOIljiLGLAZGYh18u+\n/eLLKFPQEmTn7JxQyIltCmVba3RHK0/ejmM9Ixrxz7LfwDlYJAJpfUnv7othupHx\n17VvkPb4FRIiwpi1XF3iqDAtm6KXe8PJth5HaLpvLFUFo+AqEIF1UdK6iB4Sn6GO\nQm5xmuJHLZvz6Bbz211LcWmyR5qFtp/FsIDIR9kX8g1DnaUY4/7atF5CAwA4hiz5\ndW+2hYwG7XLg2b0i+MMatEOrT90CAfb1gMK2WdAbPOfVkuCDAM4GAGI1EkCYPUhP\n/nxw9EVPlfSkxqcIRgw4dg3T3Sij29UAoh8R11I+Q4rkWZU6t8QDohZ8Nwo1W3DZ\nXCa5sRmoXw5oKgQTby+aDd2Bk5IeLWThOJy0sx42BlMAhynh008PJZmFIQLXwgiI\n5Scf2BMc8SxO1TwuyTyOoOx3Y82PfFw1Pw7dgoNlXcMZa/nzSUEzg7zJhKr3JGs+\ntusuHY5pFE5ATTVifBPREyPc79KhaLF4BjlH58VYaPw09jyC0cb8C61foGsR1BjT\nUa+Wg313tcHsC4gUUFn9dtLzJcgx+7GlDglpAPGIxd7OOeotvD8=\n=ZxyW\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-3877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-182002"
      },
      {
        "db": "PACKETSTORM",
        "id": "156129"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-3877",
        "trust": 3.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-216",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU95678717",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-9383",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156129",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0354",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04830",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-182002",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-182002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "db": "PACKETSTORM",
        "id": "156129"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ]
  },
  "id": "VAR-202002-1190",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-182002"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:17:31.297000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT210919",
        "trust": 1.5,
        "url": "https://support.apple.com/en-us/ht210919"
      },
      {
        "title": "HT210921",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210921"
      },
      {
        "title": "HT210921",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210921"
      },
      {
        "title": "HT210919",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210919"
      },
      {
        "title": "Apple watchOS  and macOS Catalina AnnotationKit Fix for component buffer error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109534"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-182002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3877"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210919"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210921"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3877"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3877"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95678717/"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/en-us/ht210919"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210921"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0354/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-31449"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156129/apple-security-advisory-2020-1-28-3.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-216/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3853"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3857"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3870"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3878"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3856"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3872"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3829"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-182002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "db": "PACKETSTORM",
        "id": "156129"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-182002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "db": "PACKETSTORM",
        "id": "156129"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "date": "2020-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-182002"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "date": "2020-01-29T17:17:18",
        "db": "PACKETSTORM",
        "id": "156129"
      },
      {
        "date": "2020-02-27T21:15:18.787000",
        "db": "NVD",
        "id": "CVE-2020-3877"
      },
      {
        "date": "2020-01-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-216"
      },
      {
        "date": "2020-03-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-182002"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      },
      {
        "date": "2020-03-02T15:33:13.230000",
        "db": "NVD",
        "id": "CVE-2020-3877"
      },
      {
        "date": "2020-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "macOS Catalina and  watchOS Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002297"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1441"
      }
    ],
    "trust": 0.6
  }
}

GSD-2020-3877

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-3877

Aliases

CVE-2020-3877

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-3877",
    "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
    "id": "GSD-2020-3877"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-3877"
      ],
      "details": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
      "id": "GSD-2020-3877",
      "modified": "2023-12-13T01:22:10.369330Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-3877",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "macOS Catalina 10.15.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "watchOS 6.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT210919",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210919"
          },
          {
            "name": "https://support.apple.com/HT210921",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210921"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-3877"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210919",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210919"
            },
            {
              "name": "https://support.apple.com/HT210921",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210921"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-03-02T15:33Z",
      "publishedDate": "2020-02-27T21:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-3877 (GCVE-0-2020-3877)

CERTFR-2020-AVI-063

Solution

CERTFR-2020-AVI-063

Solution

GHSA-J8JM-XPP4-34XM

CNVD-2020-04830

FKIE_CVE-2020-3877

VAR-202002-1190

GSD-2020-3877

Tags

Sightings

Nomenclature