Sign-up

ID

VAR-202104-0196


CVE

CVE-2020-29624


TITLE

plural  Apple  Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-017303

DESCRIPTION

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers

Trust: 1.8

sources: NVD: CVE-2020-29624 // JVNDB: JVNDB-2020-017303 // VULHUB: VHN-376372 // VULMON: CVE-2020-29624

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:14.3

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.1.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:アップルmodel:macos big surscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-017303 // NVD: CVE-2020-29624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-29624
value: HIGH

Trust: 1.0

NVD: CVE-2020-29624
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-553
value: HIGH

Trust: 0.6

VULHUB: VHN-376372
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-29624
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-29624
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-376372
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-29624
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-29624
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-376372 // VULMON: CVE-2020-29624 // JVNDB: JVNDB-2020-017303 // CNNVD: CNNVD-202102-553 // NVD: CVE-2020-29624

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-376372 // JVNDB: JVNDB-2020-017303 // NVD: CVE-2020-29624

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-553

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-553

PATCH

title:HT212009 Apple  Security updateurl:https://support.apple.com/en-us/HT212003

Trust: 0.8

title:Apple macOS Big Sur Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140825

Trust: 0.6

sources: JVNDB: JVNDB-2020-017303 // CNNVD: CNNVD-202102-553

EXTERNAL IDS

db:NVDid:CVE-2020-29624

Trust: 3.4

db:JVNid:JVNVU95288122

Trust: 0.8

db:JVNDBid:JVNDB-2020-017303

Trust: 0.8

db:PACKETSTORMid:161299

Trust: 0.7

db:CNNVDid:CNNVD-202102-553

Trust: 0.7

db:VULHUBid:VHN-376372

Trust: 0.1

db:VULMONid:CVE-2020-29624

Trust: 0.1

sources: VULHUB: VHN-376372 // VULMON: CVE-2020-29624 // JVNDB: JVNDB-2020-017303 // CNNVD: CNNVD-202102-553 // NVD: CVE-2020-29624

REFERENCES

url:https://support.apple.com/en-us/ht212003

Trust: 1.8

url:https://support.apple.com/en-us/ht212005

Trust: 1.8

url:https://support.apple.com/en-us/ht212009

Trust: 1.8

url:https://support.apple.com/en-us/ht212011

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-29624

Trust: 1.4

url:https://jvn.jp/vu/jvnvu95288122/

Trust: 0.8

url:https://packetstormsecurity.com/files/161299/apple-coretext-libfontparser.dylib-stack-corruption.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-376372 // VULMON: CVE-2020-29624 // JVNDB: JVNDB-2020-017303 // CNNVD: CNNVD-202102-553 // NVD: CVE-2020-29624

CREDITS

Google Security Research

Trust: 0.6

sources: CNNVD: CNNVD-202102-553

SOURCES

db:VULHUBid:VHN-376372
db:VULMONid:CVE-2020-29624
db:JVNDBid:JVNDB-2020-017303
db:CNNVDid:CNNVD-202102-553
db:NVDid:CVE-2020-29624

LAST UPDATE DATE

2024-08-14T12:23:08.669000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-376372date:2022-06-28T00:00:00
db:VULMONid:CVE-2020-29624date:2021-04-07T00:00:00
db:JVNDBid:JVNDB-2020-017303date:2022-09-07T05:02:00
db:CNNVDid:CNNVD-202102-553date:2021-04-08T00:00:00
db:NVDid:CVE-2020-29624date:2022-06-28T14:11:45.273

SOURCES RELEASE DATE

db:VULHUBid:VHN-376372date:2021-04-02T00:00:00
db:VULMONid:CVE-2020-29624date:2021-04-02T00:00:00
db:JVNDBid:JVNDB-2020-017303date:2022-09-07T00:00:00
db:CNNVDid:CNNVD-202102-553date:2021-02-05T00:00:00
db:NVDid:CVE-2020-29624date:2021-04-02T18:15:17.950