ID

VAR-202209-1875


CVE

CVE-2020-36521


TITLE

Out-of-bounds read vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2020-017871

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted TIFF file may lead to a denial-of-service or potentially disclose memory contents. Multiple Apple products, including iCloud, iTunes and iPadOS, contain out-of-bounds read vulnerabilities. Information may be obtained and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2020-36521 // JVNDB: JVNDB-2020-017871 // VULHUB: VHN-418899

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 14.0

Trust: 1.0

vendor: apple, model: icloud, scope: lt, version: 11.4

Trust: 1.0

vendor: apple, model: itunes, scope: lt, version: 12.10.9

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 14.0

Trust: 1.0

vendor: apple, model: icloud, scope: lt, version: 7.21

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 10.15.7

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 14.0

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 7.0

Trust: 1.0

vendor: apple, model: icloud, scope: gte, version: 11.0

Trust: 1.0

vendor: Apple, model: watchos, scope: eq, version: 7.0

Trust: 0.8

vendor: Apple, model: ipados, scope: -, version: -

Trust: 0.8

vendor: Apple, model: icloud, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

vendor: Apple, model: tvos, scope: -, version: -

Trust: 0.8

vendor: Apple, model: itunes, scope: -, version: -

Trust: 0.8

vendor: Apple, model: macos, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-017871 // NVD: CVE-2020-36521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36521
value: HIGH

Trust: 1.0

NVD: CVE-2020-36521
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202209-2462
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-36521
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-36521
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-017871 // CNNVD: CNNVD-202209-2462 // NVD: CVE-2020-36521

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype: Out-of-bounds read (CWE-125) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-418899 // JVNDB: JVNDB-2020-017871 // NVD: CVE-2020-36521

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2462

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202209-2462

PATCH

title: HT211850 Apple Security update, url: https://support.apple.com/en-us/HT211843

Trust: 0.8

title: Apple iCloud for Windows Buffer error vulnerability fix, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209279

Trust: 0.6

sources: JVNDB: JVNDB-2020-017871 // CNNVD: CNNVD-202209-2462

EXTERNAL IDS

db: NVD, id: CVE-2020-36521

Trust: 3.3

db: JVNDB, id: JVNDB-2020-017871

Trust: 0.8

db: CNNVD, id: CNNVD-202209-2462

Trust: 0.6

db: VULHUB, id: VHN-418899

Trust: 0.1

sources: VULHUB: VHN-418899 // JVNDB: JVNDB-2020-017871 // CNNVD: CNNVD-202209-2462 // NVD: CVE-2020-36521

REFERENCES

url:https://support.apple.com/en-us/ht211843

Trust: 1.7

url:https://support.apple.com/en-us/ht211844

Trust: 1.7

url:https://support.apple.com/en-us/ht211846

Trust: 1.7

url:https://support.apple.com/en-us/ht211847

Trust: 1.7

url:https://support.apple.com/en-us/ht211850

Trust: 1.7

url:https://support.apple.com/en-us/ht211952

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-36521

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2020-36521/

Trust: 0.6

sources: VULHUB: VHN-418899 // JVNDB: JVNDB-2020-017871 // CNNVD: CNNVD-202209-2462 // NVD: CVE-2020-36521

SOURCES

db: VULHUB, id: VHN-418899
db: JVNDB, id: JVNDB-2020-017871
db: CNNVD, id: CNNVD-202209-2462
db: NVD, id: CVE-2020-36521

LAST UPDATE DATE

2024-08-14T13:53:01.856000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-418899, date: 2023-01-09T00:00:00
db: JVNDB, id: JVNDB-2020-017871, date: 2023-10-19T06:06:00
db: CNNVD, id: CNNVD-202209-2462, date: 2022-09-28T00:00:00
db: NVD, id: CVE-2020-36521, date: 2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db: VULHUB, id: VHN-418899, date: 2022-09-23T00:00:00
db: JVNDB, id: JVNDB-2020-017871, date: 2023-10-19T00:00:00
db: CNNVD, id: CNNVD-202209-2462, date: 2022-09-23T00:00:00
db: NVD, id: CVE-2020-36521, date: 2022-09-23T19:15:10.383