Sign-up

ID

VAR-202104-0174


CVE

CVE-2020-27933


TITLE

Apple Buffer error vulnerabilities in multiple products

Trust: 0.6

sources: CNNVD: CNNVD-202104-122

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution

Trust: 1.08

sources: NVD: CVE-2020-27933 // VULHUB: VHN-372044 // VULMON: CVE-2020-27933

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.15.6

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.20

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

sources: NVD: CVE-2020-27933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27933
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-122
value: HIGH

Trust: 0.6

VULHUB: VHN-372044
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-27933
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27933
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372044
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27933
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372044 // VULMON: CVE-2020-27933 // CNNVD: CNNVD-202104-122 // NVD: CVE-2020-27933

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-372044 // NVD: CVE-2020-27933

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-122

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-122

PATCH

title:Buffer error repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147138

Trust: 0.6

sources: CNNVD: CNNVD-202104-122

EXTERNAL IDS

db:NVDid:CVE-2020-27933

Trust: 1.8

db:CNNVDid:CNNVD-202104-122

Trust: 0.6

db:VULHUBid:VHN-372044

Trust: 0.1

db:VULMONid:CVE-2020-27933

Trust: 0.1

sources: VULHUB: VHN-372044 // VULMON: CVE-2020-27933 // CNNVD: CNNVD-202104-122 // NVD: CVE-2020-27933

REFERENCES

url:https://support.apple.com/en-us/ht211288

Trust: 1.8

url:https://support.apple.com/en-us/ht211289

Trust: 1.8

url:https://support.apple.com/en-us/ht211290

Trust: 1.8

url:https://support.apple.com/en-us/ht211291

Trust: 1.8

url:https://support.apple.com/en-us/ht211295

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-27933

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372044 // VULMON: CVE-2020-27933 // CNNVD: CNNVD-202104-122 // NVD: CVE-2020-27933

SOURCES

db:VULHUBid:VHN-372044
db:VULMONid:CVE-2020-27933
db:CNNVDid:CNNVD-202104-122
db:NVDid:CVE-2020-27933

LAST UPDATE DATE

2024-08-14T15:42:55.367000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-372044date:2022-06-28T00:00:00
db:VULMONid:CVE-2020-27933date:2021-04-09T00:00:00
db:CNNVDid:CNNVD-202104-122date:2021-04-20T00:00:00
db:NVDid:CVE-2020-27933date:2022-06-28T14:11:45.273

SOURCES RELEASE DATE

db:VULHUBid:VHN-372044date:2021-04-02T00:00:00
db:VULMONid:CVE-2020-27933date:2021-04-02T00:00:00
db:CNNVDid:CNNVD-202104-122date:2021-04-02T00:00:00
db:NVDid:CVE-2020-27933date:2021-04-02T18:15:16.043