ID

VAR-202010-1331


CVE

CVE-2020-3880


TITLE

Multiple Apple Product Buffer Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202010-1471

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. Apple iOS, watchOS, iPadOS and the other listed systems are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple watchOS is a smart watch operating system. Apple iPadOS is an operating system for iPad tablets. The following products and versions are affected: watchOS earlier than 6.1.2, iOS earlier than 13.3.1 and iPadOS earlier than 13.3.1, tvOS earlier than 13.3.1, macOS Catalina earlier than 10.15.3

Trust: 1.08

sources: NVD: CVE-2020-3880 // VULHUB: VHN-182005 // VULMON: CVE-2020-3880

AFFECTED PRODUCTS

vendor: apple, model: ipados, scope: lt, version: 13.3.1

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 13.3.1

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.15.3

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 13.3.1

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 6.1.2

Trust: 1.0

sources: NVD: CVE-2020-3880

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3880
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202010-1471
value: HIGH

Trust: 0.6

VULHUB: VHN-182005
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3880
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3880
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-182005
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3880
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-182005 // VULMON: CVE-2020-3880 // CNNVD: CNNVD-202010-1471 // NVD: CVE-2020-3880

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-182005 // NVD: CVE-2020-3880

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1471

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1471

PATCH

title: Apple Repair measures for buffer errors and vulnerabilities in many products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131868

Trust: 0.6

sources: CNNVD: CNNVD-202010-1471

EXTERNAL IDS

db: NVD, id: CVE-2020-3880

Trust: 1.8

db: CNNVD, id: CNNVD-202010-1471

Trust: 0.7

db: CNVD, id: CNVD-2020-65927

Trust: 0.1

db: VULHUB, id: VHN-182005

Trust: 0.1

db: VULMON, id: CVE-2020-3880

Trust: 0.1

sources: VULHUB: VHN-182005 // VULMON: CVE-2020-3880 // CNNVD: CNNVD-202010-1471 // NVD: CVE-2020-3880

REFERENCES

url:https://support.apple.com/en-us/ht210918

Trust: 1.8

url:https://support.apple.com/en-us/ht210919

Trust: 1.8

url:https://support.apple.com/en-us/ht210920

Trust: 1.8

url:https://support.apple.com/en-us/ht210921

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3880

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-182005 // VULMON: CVE-2020-3880 // CNNVD: CNNVD-202010-1471 // NVD: CVE-2020-3880

SOURCES

db: VULHUB, id: VHN-182005
db: VULMON, id: CVE-2020-3880
db: CNNVD, id: CNNVD-202010-1471
db: NVD, id: CVE-2020-3880

LAST UPDATE DATE

2024-08-14T14:32:00.778000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-182005, date: 2020-10-30T00:00:00
db: VULMON, id: CVE-2020-3880, date: 2020-10-30T00:00:00
db: CNNVD, id: CNNVD-202010-1471, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2020-3880, date: 2020-10-30T01:32:19.157

SOURCES RELEASE DATE

db: VULHUB, id: VHN-182005, date: 2020-10-27T00:00:00
db: VULMON, id: CVE-2020-3880, date: 2020-10-27T00:00:00
db: CNNVD, id: CNNVD-202010-1471, date: 2020-10-27T00:00:00
db: NVD, id: CVE-2020-3880, date: 2020-10-27T21:15:15.243