ID

VAR-202104-0161


CVE

CVE-2020-27899


TITLE

plural  Apple  Product Use of Freed Memory Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-017326

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges. plural Apple The product contains a usage of freed memory vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. Apple macOS security vulnerability, currently there is no information about this vulnerability, please keep an eye on CNNVD or manufacturer announcements

Trust: 1.8

sources: NVD: CVE-2020-27899 // JVNDB: JVNDB-2020-017326 // VULHUB: VHN-372010 // VULMON: CVE-2020-27899

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:11.0.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.2

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.2

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:14.2

Trust: 1.0

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-017326 // NVD: CVE-2020-27899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27899
value: HIGH

Trust: 1.0

NVD: CVE-2020-27899
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202012-1066
value: HIGH

Trust: 0.6

VULHUB: VHN-372010
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-27899
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27899
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-372010
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27899
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-27899
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-372010 // VULMON: CVE-2020-27899 // JVNDB: JVNDB-2020-017326 // CNNVD: CNNVD-202012-1066 // NVD: CVE-2020-27899

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-372010 // JVNDB: JVNDB-2020-017326 // NVD: CVE-2020-27899

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1066

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1066

PATCH

title:HT211930 Apple  Security updateurl:https://support.apple.com/en-us/HT211928

Trust: 0.8

title:Apple macOs Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137020

Trust: 0.6

sources: JVNDB: JVNDB-2020-017326 // CNNVD: CNNVD-202012-1066

EXTERNAL IDS

db:NVDid:CVE-2020-27899

Trust: 3.4

db:JVNid:JVNVU99462952

Trust: 0.8

db:JVNDBid:JVNDB-2020-017326

Trust: 0.8

db:AUSCERTid:ESB-2020.4060.2

Trust: 0.6

db:CNNVDid:CNNVD-202012-1066

Trust: 0.6

db:VULHUBid:VHN-372010

Trust: 0.1

db:VULMONid:CVE-2020-27899

Trust: 0.1

sources: VULHUB: VHN-372010 // VULMON: CVE-2020-27899 // JVNDB: JVNDB-2020-017326 // CNNVD: CNNVD-202012-1066 // NVD: CVE-2020-27899

REFERENCES

url:https://support.apple.com/en-us/ht211928

Trust: 1.8

url:https://support.apple.com/en-us/ht211929

Trust: 1.8

url:https://support.apple.com/en-us/ht211930

Trust: 1.8

url:https://support.apple.com/en-us/ht211931

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-27899

Trust: 1.4

url:http://jvn.jp/vu/jvnvu99462952/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 0.1

sources: VULHUB: VHN-372010 // VULMON: CVE-2020-27899 // JVNDB: JVNDB-2020-017326 // CNNVD: CNNVD-202012-1066 // NVD: CVE-2020-27899

SOURCES

db:VULHUBid:VHN-372010
db:VULMONid:CVE-2020-27899
db:JVNDBid:JVNDB-2020-017326
db:CNNVDid:CNNVD-202012-1066
db:NVDid:CVE-2020-27899

LAST UPDATE DATE

2024-08-14T12:06:37.435000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-372010date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-27899date:2021-04-07T00:00:00
db:JVNDBid:JVNDB-2020-017326date:2022-09-07T08:02:00
db:CNNVDid:CNNVD-202012-1066date:2021-04-08T00:00:00
db:NVDid:CVE-2020-27899date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-372010date:2021-04-02T00:00:00
db:VULMONid:CVE-2020-27899date:2021-04-02T00:00:00
db:JVNDBid:JVNDB-2020-017326date:2022-09-07T00:00:00
db:CNNVDid:CNNVD-202012-1066date:2020-12-15T00:00:00
db:NVDid:CVE-2020-27899date:2021-04-02T18:15:15.153