ID

VAR-202010-1250


CVE

CVE-2020-9932


TITLE

plural  Apple  Memory corruption vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-012778

DESCRIPTION

A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution. Apple tvOS and others are all products of Apple (Apple). tvOS is a smart TV operating system. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iPadOS is an operating system for iPad tablets. There are security vulnerabilities in many Apple products. The following products and versions are affected: Safari versions prior to 13.0.1, iOS versions prior to 13.1 and iPadOS versions prior to 13.1, and versions prior to tvOS 13

Trust: 1.8

sources: NVD: CVE-2020-9932 // JVNDB: JVNDB-2020-012778 // VULHUB: VHN-188057 // VULMON: CVE-2020-9932

AFFECTED PRODUCTS

vendor:applemodel:safariscope:ltversion:13.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.1

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope:ltversion:(apple tv hd)

Trust: 0.8

vendor:アップルmodel:tvosscope:ltversion:(apple tv 4k)

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:safariscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope:eqversion:13

Trust: 0.8

sources: JVNDB: JVNDB-2020-012778 // NVD: CVE-2020-9932

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9932
value: HIGH

Trust: 1.0

NVD: CVE-2020-9932
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1465
value: HIGH

Trust: 0.6

VULHUB: VHN-188057
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9932
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9932
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-188057
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9932
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9932
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188057 // VULMON: CVE-2020-9932 // JVNDB: JVNDB-2020-012778 // CNNVD: CNNVD-202010-1465 // NVD: CVE-2020-9932

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Buffer error (CWE-119) [NVD Evaluation ]

Trust: 0.8

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-188057 // JVNDB: JVNDB-2020-012778 // NVD: CVE-2020-9932

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1465

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1465

PATCH

title:HT210604 Apple  Security updateurl:https://support.apple.com/en-us/HT210603

Trust: 0.8

title:Multiple Apple Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132090

Trust: 0.6

sources: JVNDB: JVNDB-2020-012778 // CNNVD: CNNVD-202010-1465

EXTERNAL IDS

db:NVDid:CVE-2020-9932

Trust: 2.6

db:JVNid:JVNVU98778455

Trust: 0.8

db:JVNDBid:JVNDB-2020-012778

Trust: 0.8

db:CNNVDid:CNNVD-202010-1465

Trust: 0.7

db:VULHUBid:VHN-188057

Trust: 0.1

db:VULMONid:CVE-2020-9932

Trust: 0.1

sources: VULHUB: VHN-188057 // VULMON: CVE-2020-9932 // JVNDB: JVNDB-2020-012778 // CNNVD: CNNVD-202010-1465 // NVD: CVE-2020-9932

REFERENCES

url:https://support.apple.com/en-us/ht210603

Trust: 1.8

url:https://support.apple.com/en-us/ht210604

Trust: 1.8

url:https://support.apple.com/en-us/ht210605

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9932

Trust: 1.4

url:http://jvn.jp/vu/jvnvu98778455/index.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-188057 // VULMON: CVE-2020-9932 // JVNDB: JVNDB-2020-012778 // CNNVD: CNNVD-202010-1465 // NVD: CVE-2020-9932

SOURCES

db:VULHUBid:VHN-188057
db:VULMONid:CVE-2020-9932
db:JVNDBid:JVNDB-2020-012778
db:CNNVDid:CNNVD-202010-1465
db:NVDid:CVE-2020-9932

LAST UPDATE DATE

2024-08-14T13:04:22.084000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-188057date:2021-07-21T00:00:00
db:VULMONid:CVE-2020-9932date:2020-11-03T00:00:00
db:JVNDBid:JVNDB-2020-012778date:2021-06-01T07:20:00
db:CNNVDid:CNNVD-202010-1465date:2020-11-04T00:00:00
db:NVDid:CVE-2020-9932date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-188057date:2020-10-27T00:00:00
db:VULMONid:CVE-2020-9932date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2020-012778date:2021-06-01T00:00:00
db:CNNVDid:CNNVD-202010-1465date:2020-10-27T00:00:00
db:NVDid:CVE-2020-9932date:2020-10-27T21:15:15.713