Details of VAR-202209-1875

ID

VAR-202209-1875

CVE

CVE-2020-36521

TITLE

Out-of-bounds read vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2020-017871

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. iCloud , iTunes , iPadOS Multiple Apple products contain out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2020-36521 // JVNDB: JVNDB-2020-017871 // VULHUB: VHN-418899

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	14.0	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.10.9	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.0	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.21	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	14.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	7.0	Trust: 1.0
vendor:	apple	model:	icloud	scope:	gte	version:	11.0	Trust: 1.0
vendor:	アップル	model:	watchos	scope:	eq	version:	7.0	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	icloud	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	itunes	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-017871 // NVD: CVE-2020-36521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-36521
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-36521
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202209-2462
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-36521
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2020-36521
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-017871 // CNNVD: CNNVD-202209-2462 // NVD: CVE-2020-36521

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-418899 // JVNDB: JVNDB-2020-017871 // NVD: CVE-2020-36521

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2462

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202209-2462

PATCH

title:	HT211850 Apple Security update	url:	https://support.apple.com/en-us/HT211843	Trust: 0.8
title:	Apple iCloud for Windows Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209279	Trust: 0.6

sources: JVNDB: JVNDB-2020-017871 // CNNVD: CNNVD-202209-2462

EXTERNAL IDS

db:	NVD	id:	CVE-2020-36521	Trust: 3.3
db:	JVNDB	id:	JVNDB-2020-017871	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-2462	Trust: 0.6
db:	VULHUB	id:	VHN-418899	Trust: 0.1

sources: VULHUB: VHN-418899 // JVNDB: JVNDB-2020-017871 // CNNVD: CNNVD-202209-2462 // NVD: CVE-2020-36521

REFERENCES

url:	https://support.apple.com/en-us/ht211843	Trust: 1.7
url:	https://support.apple.com/en-us/ht211844	Trust: 1.7
url:	https://support.apple.com/en-us/ht211846	Trust: 1.7
url:	https://support.apple.com/en-us/ht211847	Trust: 1.7
url:	https://support.apple.com/en-us/ht211850	Trust: 1.7
url:	https://support.apple.com/en-us/ht211952	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36521	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2020-36521/	Trust: 0.6

sources: VULHUB: VHN-418899 // JVNDB: JVNDB-2020-017871 // CNNVD: CNNVD-202209-2462 // NVD: CVE-2020-36521

SOURCES

db:	VULHUB	id:	VHN-418899
db:	JVNDB	id:	JVNDB-2020-017871
db:	CNNVD	id:	CNNVD-202209-2462
db:	NVD	id:	CVE-2020-36521

LAST UPDATE DATE

2024-08-14T13:53:01.856000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-418899	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-017871	date:	2023-10-19T06:06:00
db:	CNNVD	id:	CNNVD-202209-2462	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2020-36521	date:	2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-418899	date:	2022-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-017871	date:	2023-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202209-2462	date:	2022-09-23T00:00:00
db:	NVD	id:	CVE-2020-36521	date:	2022-09-23T19:15:10.383