ID

VAR-202010-1505


CVE

CVE-2020-9938


TITLE

plural  Apple  Out-of-bounds read vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010594

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple The product is vulnerable to out-of-bounds reading due to flawed input validation.Arbitrary code can be executed by processing maliciously created images. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. ImageIO is one of the components that reads and writes image data. A security vulnerability exists in the ImageIO component of several Apple products. The following products and versions are affected: Apple iOS prior to 13.6; iPadOS prior to 13.6; macOS Catalina prior to 10.15.6; Windows-based iTunes prior to 12.10.8; tvOS prior to 13.4.8; watchOS prior to 6.2.8 . Apple iTunes for Windows could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds read in the ImageIO component

Trust: 1.8

sources: NVD: CVE-2020-9938 // JVNDB: JVNDB-2020-010594 // VULHUB: VHN-188063 // VULMON: CVE-2020-9938

AFFECTED PRODUCTS

vendor:applemodel:icloudscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.20

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.10.8

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:アップルmodel:icloudscope: - version: -

Trust: 0.8

vendor:アップルmodel:itunesscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:ltversion:6.2.8 (apple watch series 1 or later )

Trust: 0.8

sources: JVNDB: JVNDB-2020-010594 // NVD: CVE-2020-9938

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9938
value: HIGH

Trust: 1.0

NVD: CVE-2020-9938
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1771
value: HIGH

Trust: 0.6

VULHUB: VHN-188063
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9938
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9938
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-188063
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9938
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9938
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188063 // VULMON: CVE-2020-9938 // JVNDB: JVNDB-2020-010594 // CNNVD: CNNVD-202007-1771 // NVD: CVE-2020-9938

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-188063 // JVNDB: JVNDB-2020-010594 // NVD: CVE-2020-9938

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1771

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1771

PATCH

title:HT211294 Apple  Security updateurl:https://support.apple.com/en-us/HT211288

Trust: 0.8

title:Multiple Apple product ImageIO Fixes for component security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=125952

Trust: 0.6

title:Apple: iCloud for Windows 7.20url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50e6b35a047c9702f4cdebdf81483b05

Trust: 0.1

title:Apple: iCloud for Windows 11.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=947a08401ec7e5f309d5ae26f5006f48

Trust: 0.1

sources: VULMON: CVE-2020-9938 // JVNDB: JVNDB-2020-010594 // CNNVD: CNNVD-202007-1771

EXTERNAL IDS

db:NVDid:CVE-2020-9938

Trust: 2.6

db:JVNid:JVNVU95491800

Trust: 0.8

db:JVNid:JVNVU94090210

Trust: 0.8

db:JVNDBid:JVNDB-2020-010594

Trust: 0.8

db:CNNVDid:CNNVD-202007-1771

Trust: 0.7

db:NSFOCUSid:50006

Trust: 0.6

db:CNVDid:CNVD-2020-49295

Trust: 0.1

db:VULHUBid:VHN-188063

Trust: 0.1

db:VULMONid:CVE-2020-9938

Trust: 0.1

sources: VULHUB: VHN-188063 // VULMON: CVE-2020-9938 // JVNDB: JVNDB-2020-010594 // CNNVD: CNNVD-202007-1771 // NVD: CVE-2020-9938

REFERENCES

url:https://support.apple.com/kb/ht211293

Trust: 2.4

url:https://support.apple.com/kb/ht211294

Trust: 2.4

url:https://support.apple.com/kb/ht211288

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://support.apple.com/kb/ht211290

Trust: 1.8

url:https://support.apple.com/kb/ht211291

Trust: 1.8

url:https://support.apple.com/kb/ht211295

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9938

Trust: 1.4

url:http://jvn.jp/vu/jvnvu94090210/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95491800/index.html

Trust: 0.8

url:https://support.apple.com/en-us/ht211291

Trust: 0.6

url:https://support.apple.com/en-us/ht211295

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50006

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/186154

Trust: 0.1

sources: VULHUB: VHN-188063 // VULMON: CVE-2020-9938 // JVNDB: JVNDB-2020-010594 // CNNVD: CNNVD-202007-1771 // NVD: CVE-2020-9938

SOURCES

db:VULHUBid:VHN-188063
db:VULMONid:CVE-2020-9938
db:JVNDBid:JVNDB-2020-010594
db:CNNVDid:CNNVD-202007-1771
db:NVDid:CVE-2020-9938

LAST UPDATE DATE

2024-08-14T12:57:43.605000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-188063date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9938date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2020-010594date:2021-01-28T08:11:00
db:CNNVDid:CNNVD-202007-1771date:2023-01-10T00:00:00
db:NVDid:CVE-2020-9938date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-188063date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9938date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010594date:2021-01-28T00:00:00
db:CNNVDid:CNNVD-202007-1771date:2020-07-30T00:00:00
db:NVDid:CVE-2020-9938date:2020-10-22T19:15:15.447