Sign-up

ID

VAR-202104-0203


CVE

CVE-2020-29610


TITLE

Apple macOS AudioToolboxCore MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-376

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AudioToolboxCore module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The specific flaw exists within the AudioToolboxCore module

Trust: 1.71

sources: NVD: CVE-2020-29610 // ZDI: ZDI-21-376 // VULHUB: VHN-376358 // VULMON: CVE-2020-29610

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:14.3

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.1.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-376 // NVD: CVE-2020-29610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-29610
value: MEDIUM

Trust: 1.0

ZDI: CVE-2020-29610
value: LOW

Trust: 0.7

CNNVD: CNNVD-202103-1680
value: MEDIUM

Trust: 0.6

VULHUB: VHN-376358
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-29610
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-29610
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-376358
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-29610
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ZDI: CVE-2020-29610
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-376 // VULHUB: VHN-376358 // VULMON: CVE-2020-29610 // CNNVD: CNNVD-202103-1680 // NVD: CVE-2020-29610

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-376358 // NVD: CVE-2020-29610

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1680

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1680

PATCH

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-us/HT212005

Trust: 0.7

title:Buffer error repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146957

Trust: 0.6

sources: ZDI: ZDI-21-376 // CNNVD: CNNVD-202103-1680

EXTERNAL IDS

db:NVDid:CVE-2020-29610

Trust: 2.5

db:ZDIid:ZDI-21-376

Trust: 1.4

db:ZDI_CANid:ZDI-CAN-11449

Trust: 0.7

db:CNNVDid:CNNVD-202103-1680

Trust: 0.7

db:VULHUBid:VHN-376358

Trust: 0.1

db:VULMONid:CVE-2020-29610

Trust: 0.1

sources: ZDI: ZDI-21-376 // VULHUB: VHN-376358 // VULMON: CVE-2020-29610 // CNNVD: CNNVD-202103-1680 // NVD: CVE-2020-29610

REFERENCES

url:https://support.apple.com/en-us/ht212005

Trust: 2.5

url:https://support.apple.com/en-us/ht212003

Trust: 1.8

url:https://support.apple.com/en-us/ht212009

Trust: 1.8

url:https://support.apple.com/en-us/ht212011

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-376/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-29610

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-21-376 // VULHUB: VHN-376358 // VULMON: CVE-2020-29610 // CNNVD: CNNVD-202103-1680 // NVD: CVE-2020-29610

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-21-376

SOURCES

db:ZDIid:ZDI-21-376
db:VULHUBid:VHN-376358
db:VULMONid:CVE-2020-29610
db:CNNVDid:CNNVD-202103-1680
db:NVDid:CVE-2020-29610

LAST UPDATE DATE

2024-08-14T15:11:57.688000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-376date:2021-03-30T00:00:00
db:VULHUBid:VHN-376358date:2021-04-08T00:00:00
db:VULMONid:CVE-2020-29610date:2021-04-08T00:00:00
db:CNNVDid:CNNVD-202103-1680date:2021-04-20T00:00:00
db:NVDid:CVE-2020-29610date:2021-04-08T14:06:33.530

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-376date:2021-03-30T00:00:00
db:VULHUBid:VHN-376358date:2021-04-02T00:00:00
db:VULMONid:CVE-2020-29610date:2021-04-02T00:00:00
db:CNNVDid:CNNVD-202103-1680date:2021-03-30T00:00:00
db:NVDid:CVE-2020-29610date:2021-04-02T18:15:17.170