Sign-up

ID

VAR-202010-1524


CVE

CVE-2020-9984


TITLE

plural Apple Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010030

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple The product is vulnerable to out-of-bounds reading due to flawed input validation.Arbitrary code can be executed by processing maliciously created images. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iTunes for Windows is a media player application based on the Windows platform

Trust: 1.8

sources: NVD: CVE-2020-9984 // JVNDB: JVNDB-2020-010030 // VULHUB: VHN-188109 // VULMON: CVE-2020-9984

AFFECTED PRODUCTS

vendor:applemodel:icloudscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.20

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.10.8

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:icloudscope:eqversion:7.20 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:11.3 未満 (microsoft store から入手した windows 10 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.2.8 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv hd)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.10.8 未満 (windows 7 以降)

Trust: 0.8

sources: JVNDB: JVNDB-2020-010030 // NVD: CVE-2020-9984

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9984
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010030
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1244
value: HIGH

Trust: 0.6

VULHUB: VHN-188109
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9984
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9984
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010030
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188109
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9984
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010030
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188109 // VULMON: CVE-2020-9984 // JVNDB: JVNDB-2020-010030 // CNNVD: CNNVD-202010-1244 // NVD: CVE-2020-9984

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-188109 // JVNDB: JVNDB-2020-010030 // NVD: CVE-2020-9984

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1244

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1244

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010030

PATCH
title:HT211291url:https://support.apple.com/en-us/HT211291
Trust: 0.8
title:HT211293url:https://support.apple.com/en-us/HT211293
Trust: 0.8
title:HT211294url:https://support.apple.com/en-us/HT211294
Trust: 0.8
title:HT211295url:https://support.apple.com/en-us/HT211295
Trust: 0.8
title:HT211288url:https://support.apple.com/en-us/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/en-us/HT211289
Trust: 0.8
title:HT211290url:https://support.apple.com/en-us/HT211290
Trust: 0.8
title:HT211293url:https://support.apple.com/ja-jp/HT211293
Trust: 0.8
title:HT211294url:https://support.apple.com/ja-jp/HT211294
Trust: 0.8
title:HT211295url:https://support.apple.com/ja-jp/HT211295
Trust: 0.8
title:HT211288url:https://support.apple.com/ja-jp/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/ja-jp/HT211289
Trust: 0.8
title:HT211290url:https://support.apple.com/ja-jp/HT211290
Trust: 0.8
title:HT211291url:https://support.apple.com/ja-jp/HT211291
Trust: 0.8
title:Multiple Apple Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131695
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010030 // 
            
            
            
            CNNVD: CNNVD-202010-1244

EXTERNAL IDS
db:NVDid:CVE-2020-9984
Trust: 2.6
db:JVNid:JVNVU95491800
Trust: 0.8
db:JVNid:JVNVU94090210
Trust: 0.8
db:JVNDBid:JVNDB-2020-010030
Trust: 0.8
db:CNNVDid:CNNVD-202010-1244
Trust: 0.7
db:NSFOCUSid:50081
Trust: 0.6
db:CNVDid:CNVD-2020-65947
Trust: 0.1
db:VULHUBid:VHN-188109
Trust: 0.1
db:VULMONid:CVE-2020-9984
Trust: 0.1
sources:
            
            
            VULHUB: VHN-188109 // 
            
            
            
            VULMON: CVE-2020-9984 // 
            
            
            
            JVNDB: JVNDB-2020-010030 // 
            
            
            
            CNNVD: CNNVD-202010-1244 // 
            
            
            
            NVD: CVE-2020-9984

REFERENCES
url:https://support.apple.com/kb/ht211288
Trust: 1.8
url:https://support.apple.com/kb/ht211289
Trust: 1.8
url:https://support.apple.com/kb/ht211290
Trust: 1.8
url:https://support.apple.com/kb/ht211291
Trust: 1.8
url:https://support.apple.com/kb/ht211293
Trust: 1.8
url:https://support.apple.com/kb/ht211294
Trust: 1.8
url:https://support.apple.com/kb/ht211295
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-9984
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9984
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94090210/index.html
Trust: 0.8
url:http://jvn.jp/vu/jvnvu95491800/index.html
Trust: 0.8
url:http://www.nsfocus.net/vulndb/50081
Trust: 0.6
url:https://support.apple.com/en-us/ht211291
Trust: 0.6
url:https://support.apple.com/en-us/ht211295
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/125.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-188109 // 
            
            
            
            VULMON: CVE-2020-9984 // 
            
            
            
            JVNDB: JVNDB-2020-010030 // 
            
            
            
            CNNVD: CNNVD-202010-1244 // 
            
            
            
            NVD: CVE-2020-9984

SOURCES
db:VULHUBid:VHN-188109
db:VULMONid:CVE-2020-9984
db:JVNDBid:JVNDB-2020-010030
db:CNNVDid:CNNVD-202010-1244
db:NVDid:CVE-2020-9984

LAST UPDATE DATE
2024-08-14T13:16:18.909000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-188109date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9984date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2020-010030date:2020-12-17T08:43:24
db:CNNVDid:CNNVD-202010-1244date:2021-11-03T00:00:00
db:NVDid:CVE-2020-9984date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE
db:VULHUBid:VHN-188109date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9984date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010030date:2020-12-17T08:43:24
db:CNNVDid:CNNVD-202010-1244date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9984date:2020-10-22T19:15:15.743