ID

VAR-202104-0199


CVE

CVE-2020-29639


TITLE

iOS and iPadOS Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-017362

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets.

Trust: 1.8

sources: NVD: CVE-2020-29639 // JVNDB: JVNDB-2020-017362 // VULHUB: VHN-376387 // VULMON: CVE-2020-29639

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 14.0

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 14.0

Trust: 1.0

vendor: Apple, model: ipados, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-017362 // NVD: CVE-2020-29639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-29639
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-29639
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-088
value: MEDIUM

Trust: 0.6

VULHUB: VHN-376387
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-29639
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-29639
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-376387
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-29639
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-29639
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-376387 // VULMON: CVE-2020-29639 // JVNDB: JVNDB-2020-017362 // CNNVD: CNNVD-202104-088 // NVD: CVE-2020-29639

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype: Out-of-bounds read (CWE-125) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-376387 // JVNDB: JVNDB-2020-017362 // NVD: CVE-2020-29639

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-088

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-088

PATCH

title: HT211850 Apple Security update, url: https://support.apple.com/en-us/HT211850

Trust: 0.8

title: Buffer error repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146962

Trust: 0.6

sources: JVNDB: JVNDB-2020-017362 // CNNVD: CNNVD-202104-088

EXTERNAL IDS

db: NVD, id: CVE-2020-29639

Trust: 3.4

db: JVNDB, id: JVNDB-2020-017362

Trust: 0.8

db: CNNVD, id: CNNVD-202104-088

Trust: 0.6

db: VULHUB, id: VHN-376387

Trust: 0.1

db: VULMON, id: CVE-2020-29639

Trust: 0.1

sources: VULHUB: VHN-376387 // VULMON: CVE-2020-29639 // JVNDB: JVNDB-2020-017362 // CNNVD: CNNVD-202104-088 // NVD: CVE-2020-29639

REFERENCES

url:https://support.apple.com/en-us/ht211850

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-29639

Trust: 1.4

url:https://support.apple.com/en-us/ht211931

Trust: 0.6

url:https://support.apple.com/en-us/ht211844

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-376387 // VULMON: CVE-2020-29639 // JVNDB: JVNDB-2020-017362 // CNNVD: CNNVD-202104-088 // NVD: CVE-2020-29639

SOURCES

db: VULHUB, id: VHN-376387
db: VULMON, id: CVE-2020-29639
db: JVNDB, id: JVNDB-2020-017362
db: CNNVD, id: CNNVD-202104-088
db: NVD, id: CVE-2020-29639

LAST UPDATE DATE

2024-08-14T14:18:32.731000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-376387, date: 2021-04-08T00:00:00
db: VULMON, id: CVE-2020-29639, date: 2021-04-08T00:00:00
db: JVNDB, id: JVNDB-2020-017362, date: 2022-09-09T01:19:00
db: CNNVD, id: CNNVD-202104-088, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2020-29639, date: 2021-04-08T12:26:30.957

SOURCES RELEASE DATE

db: VULHUB, id: VHN-376387, date: 2021-04-02T00:00:00
db: VULMON, id: CVE-2020-29639, date: 2021-04-02T00:00:00
db: JVNDB, id: JVNDB-2020-017362, date: 2022-09-09T00:00:00
db: CNNVD, id: CNNVD-202104-088, date: 2021-04-02T00:00:00
db: NVD, id: CVE-2020-29639, date: 2021-04-02T18:15:18.153