Sign-up

ID

VAR-202010-1504


CVE

CVE-2020-9937


TITLE

plural Apple Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-009628

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple An out-of-bounds write vulnerability exists in the product due to a flaw in the processing related to boundary checks.Arbitrary code can be executed by processing maliciously created images. Apple iTunes for Windows is a media player application program based on Windows platform of Apple (Apple). ImageIO is one of the components that reads and writes image data. A security vulnerability exists in the ImageIO component of Apple iTunes for Windows prior to 12.10.8. Apple iTunes for Windows could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds write in the ImageIO component

Trust: 1.8

sources: NVD: CVE-2020-9937 // JVNDB: JVNDB-2020-009628 // VULHUB: VHN-188062 // VULMON: CVE-2020-9937

AFFECTED PRODUCTS

vendor:applemodel:icloudscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.20

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.10.8

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:icloudscope:eqversion:7.20 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.2.8 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:11.3 未満 (microsoft store から入手した windows 10 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv hd)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.10.8 未満 (windows 7 以降)

Trust: 0.8

sources: JVNDB: JVNDB-2020-009628 // NVD: CVE-2020-9937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9937
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009628
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1778
value: HIGH

Trust: 0.6

VULHUB: VHN-188062
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9937
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9937
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009628
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188062
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9937
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009628
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188062 // VULMON: CVE-2020-9937 // JVNDB: JVNDB-2020-009628 // CNNVD: CNNVD-202007-1778 // NVD: CVE-2020-9937

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-188062 // JVNDB: JVNDB-2020-009628 // NVD: CVE-2020-9937

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1778

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1778

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009628

PATCH
title:HT211291url:https://support.apple.com/en-us/HT211291
Trust: 0.8
title:HT211293url:https://support.apple.com/en-us/HT211293
Trust: 0.8
title:HT211294url:https://support.apple.com/en-us/HT211294
Trust: 0.8
title:HT211295url:https://support.apple.com/en-us/HT211295
Trust: 0.8
title:HT211288url:https://support.apple.com/en-us/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/en-us/HT211289
Trust: 0.8
title:HT211290url:https://support.apple.com/en-us/HT211290
Trust: 0.8
title:HT211293url:https://support.apple.com/ja-jp/HT211293
Trust: 0.8
title:HT211294url:https://support.apple.com/ja-jp/HT211294
Trust: 0.8
title:HT211295url:https://support.apple.com/ja-jp/HT211295
Trust: 0.8
title:HT211288url:https://support.apple.com/ja-jp/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/ja-jp/HT211289
Trust: 0.8
title:HT211290url:https://support.apple.com/ja-jp/HT211290
Trust: 0.8
title:HT211291url:https://support.apple.com/ja-jp/HT211291
Trust: 0.8
title:Apple iTunes for Windows ImageIO Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=125954
Trust: 0.6
title:Apple: iCloud for Windows 7.20url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50e6b35a047c9702f4cdebdf81483b05
Trust: 0.1
title:Apple: iCloud for Windows 11.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=947a08401ec7e5f309d5ae26f5006f48
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-9937 // 
            
            
            
            JVNDB: JVNDB-2020-009628 // 
            
            
            
            CNNVD: CNNVD-202007-1778

EXTERNAL IDS
db:NVDid:CVE-2020-9937
Trust: 2.6
db:JVNid:JVNVU95491800
Trust: 0.8
db:JVNid:JVNVU94090210
Trust: 0.8
db:JVNDBid:JVNDB-2020-009628
Trust: 0.8
db:CNNVDid:CNNVD-202007-1778
Trust: 0.7
db:NSFOCUSid:50001
Trust: 0.6
db:CNVDid:CNVD-2020-51491
Trust: 0.1
db:VULHUBid:VHN-188062
Trust: 0.1
db:VULMONid:CVE-2020-9937
Trust: 0.1
sources:
            
            
            VULHUB: VHN-188062 // 
            
            
            
            VULMON: CVE-2020-9937 // 
            
            
            
            JVNDB: JVNDB-2020-009628 // 
            
            
            
            CNNVD: CNNVD-202007-1778 // 
            
            
            
            NVD: CVE-2020-9937

REFERENCES
url:https://support.apple.com/kb/ht211293
Trust: 2.4
url:https://support.apple.com/kb/ht211294
Trust: 2.4
url:https://support.apple.com/kb/ht211288
Trust: 1.8
url:https://support.apple.com/kb/ht211289
Trust: 1.8
url:https://support.apple.com/kb/ht211290
Trust: 1.8
url:https://support.apple.com/kb/ht211291
Trust: 1.8
url:https://support.apple.com/kb/ht211295
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-9937
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9937
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94090210/index.html
Trust: 0.8
url:http://jvn.jp/vu/jvnvu95491800/index.html
Trust: 0.8
url:https://support.apple.com/en-us/ht211291
Trust: 0.6
url:https://support.apple.com/en-us/ht211295
Trust: 0.6
url:http://www.nsfocus.net/vulndb/50001
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/186153
Trust: 0.1
sources:
            
            
            VULHUB: VHN-188062 // 
            
            
            
            VULMON: CVE-2020-9937 // 
            
            
            
            JVNDB: JVNDB-2020-009628 // 
            
            
            
            CNNVD: CNNVD-202007-1778 // 
            
            
            
            NVD: CVE-2020-9937

SOURCES
db:VULHUBid:VHN-188062
db:VULMONid:CVE-2020-9937
db:JVNDBid:JVNDB-2020-009628
db:CNNVDid:CNNVD-202007-1778
db:NVDid:CVE-2020-9937

LAST UPDATE DATE
2024-08-14T12:53:44.627000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-188062date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9937date:2020-10-26T00:00:00
db:JVNDBid:JVNDB-2020-009628date:2020-11-24T03:35:59
db:CNNVDid:CNNVD-202007-1778date:2023-01-10T00:00:00
db:NVDid:CVE-2020-9937date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE
db:VULHUBid:VHN-188062date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9937date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-009628date:2020-11-24T03:35:59
db:CNNVDid:CNNVD-202007-1778date:2020-07-30T00:00:00
db:NVDid:CVE-2020-9937date:2020-10-22T19:15:15.370