Details of VAR-202010-1331

ID

VAR-202010-1331

CVE

CVE-2020-3880

TITLE

Multiple Apple Product Buffer Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202010-1471

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple watchOS is a smart watch operating system. Apple iPadOS is an operating system for iPad tablets. The following products and versions are affected: watchOS earlier than 6.1.2, iOS earlier than 13.3.1 and iPadOS earlier than 13.3.1, tvOS earlier than 13.3.1, macOS Catalina earlier than 10.15.3

Trust: 1.08

sources: NVD: CVE-2020-3880 // VULHUB: VHN-182005 // VULMON: CVE-2020-3880

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	13.3.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	13.3.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.3.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	6.1.2	Trust: 1.0

sources: NVD: CVE-2020-3880

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3880
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202010-1471
value:	HIGH
Trust: 0.6
VULHUB:	VHN-182005
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-3880
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3880
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-182005
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3880
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-182005 // VULMON: CVE-2020-3880 // CNNVD: CNNVD-202010-1471 // NVD: CVE-2020-3880

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.1

sources: VULHUB: VHN-182005 // NVD: CVE-2020-3880

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1471

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1471

PATCH

title:

Apple Repair measures for buffer errors and vulnerabilities in many products

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131868

Trust: 0.6

sources: CNNVD: CNNVD-202010-1471

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3880	Trust: 1.8
db:	CNNVD	id:	CNNVD-202010-1471	Trust: 0.7
db:	CNVD	id:	CNVD-2020-65927	Trust: 0.1
db:	VULHUB	id:	VHN-182005	Trust: 0.1
db:	VULMON	id:	CVE-2020-3880	Trust: 0.1

sources: VULHUB: VHN-182005 // VULMON: CVE-2020-3880 // CNNVD: CNNVD-202010-1471 // NVD: CVE-2020-3880

REFERENCES

url:	https://support.apple.com/en-us/ht210918	Trust: 1.8
url:	https://support.apple.com/en-us/ht210919	Trust: 1.8
url:	https://support.apple.com/en-us/ht210920	Trust: 1.8
url:	https://support.apple.com/en-us/ht210921	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3880	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-182005 // VULMON: CVE-2020-3880 // CNNVD: CNNVD-202010-1471 // NVD: CVE-2020-3880

SOURCES

db:	VULHUB	id:	VHN-182005
db:	VULMON	id:	CVE-2020-3880
db:	CNNVD	id:	CNNVD-202010-1471
db:	NVD	id:	CVE-2020-3880

LAST UPDATE DATE

2024-08-14T14:32:00.778000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-182005	date:	2020-10-30T00:00:00
db:	VULMON	id:	CVE-2020-3880	date:	2020-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202010-1471	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-3880	date:	2020-10-30T01:32:19.157

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-182005	date:	2020-10-27T00:00:00
db:	VULMON	id:	CVE-2020-3880	date:	2020-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-1471	date:	2020-10-27T00:00:00
db:	NVD	id:	CVE-2020-3880	date:	2020-10-27T21:15:15.243