Details of VAR-202010-1250

ID

VAR-202010-1250

CVE

CVE-2020-9932

TITLE

plural Apple Memory corruption vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-012778

DESCRIPTION

A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution. Apple tvOS and others are all products of Apple (Apple). tvOS is a smart TV operating system. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iPadOS is an operating system for iPad tablets. There are security vulnerabilities in many Apple products. The following products and versions are affected: Safari versions prior to 13.0.1, iOS versions prior to 13.1 and iPadOS versions prior to 13.1, and versions prior to tvOS 13

Trust: 1.8

sources: NVD: CVE-2020-9932 // JVNDB: JVNDB-2020-012778 // VULHUB: VHN-188057 // VULMON: CVE-2020-9932

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	13.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	13.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.1	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	lt	version:	(apple tv hd)	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	lt	version:	(apple tv 4k)	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	safari	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	eq	version:	13	Trust: 0.8

sources: JVNDB: JVNDB-2020-012778 // NVD: CVE-2020-9932

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9932
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-9932
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1465
value:	HIGH
Trust: 0.6
VULHUB:	VHN-188057
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9932
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9932
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-188057
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9932
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9932
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-188057 // VULMON: CVE-2020-9932 // JVNDB: JVNDB-2020-012778 // CNNVD: CNNVD-202010-1465 // NVD: CVE-2020-9932

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Buffer error (CWE-119) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-188057 // JVNDB: JVNDB-2020-012778 // NVD: CVE-2020-9932

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1465

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1465

PATCH

title:	HT210604 Apple Security update	url:	https://support.apple.com/en-us/HT210603	Trust: 0.8
title:	Multiple Apple Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132090	Trust: 0.6

sources: JVNDB: JVNDB-2020-012778 // CNNVD: CNNVD-202010-1465

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9932	Trust: 2.6
db:	JVN	id:	JVNVU98778455	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-012778	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1465	Trust: 0.7
db:	VULHUB	id:	VHN-188057	Trust: 0.1
db:	VULMON	id:	CVE-2020-9932	Trust: 0.1

sources: VULHUB: VHN-188057 // VULMON: CVE-2020-9932 // JVNDB: JVNDB-2020-012778 // CNNVD: CNNVD-202010-1465 // NVD: CVE-2020-9932

REFERENCES

url:	https://support.apple.com/en-us/ht210603	Trust: 1.8
url:	https://support.apple.com/en-us/ht210604	Trust: 1.8
url:	https://support.apple.com/en-us/ht210605	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9932	Trust: 1.4
url:	http://jvn.jp/vu/jvnvu98778455/index.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-188057 // VULMON: CVE-2020-9932 // JVNDB: JVNDB-2020-012778 // CNNVD: CNNVD-202010-1465 // NVD: CVE-2020-9932

SOURCES

db:	VULHUB	id:	VHN-188057
db:	VULMON	id:	CVE-2020-9932
db:	JVNDB	id:	JVNDB-2020-012778
db:	CNNVD	id:	CNNVD-202010-1465
db:	NVD	id:	CVE-2020-9932

LAST UPDATE DATE

2024-08-14T13:04:22.084000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-188057	date:	2021-07-21T00:00:00
db:	VULMON	id:	CVE-2020-9932	date:	2020-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-012778	date:	2021-06-01T07:20:00
db:	CNNVD	id:	CNNVD-202010-1465	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-9932	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-188057	date:	2020-10-27T00:00:00
db:	VULMON	id:	CVE-2020-9932	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-012778	date:	2021-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202010-1465	date:	2020-10-27T00:00:00
db:	NVD	id:	CVE-2020-9932	date:	2020-10-27T21:15:15.713