Details of VAR-201711-0421

ID

VAR-201711-0421

CVE

CVE-2017-13820

TITLE

Apple macOS of ATS Vulnerability in component to obtain important information from process memory

Trust: 0.8

sources: JVNDB: JVNDB-2017-010382

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. A security vulnerability exists in the ATS component in versions prior to Apple macOS High Sierra 10.13.1

Trust: 1.71

sources: NVD: CVE-2017-13820 // JVNDB: JVNDB-2017-010382 // VULHUB: VHN-104481

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.13.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.0	Trust: 0.6

sources: JVNDB: JVNDB-2017-010382 // CNNVD: CNNVD-201711-412 // NVD: CVE-2017-13820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13820
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-13820
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201711-412
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-104481
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-13820
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-104481
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-13820
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-104481 // JVNDB: JVNDB-2017-010382 // CNNVD: CNNVD-201711-412 // NVD: CVE-2017-13820

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-104481 // JVNDB: JVNDB-2017-010382 // NVD: CVE-2017-13820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-412

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201711-412

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010382

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208221	url:	https://support.apple.com/en-us/HT208221	Trust: 0.8
title:	HT208221	url:	https://support.apple.com/ja-jp/HT208221	Trust: 0.8
title:	Apple macOS High Sierra ATS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76280	Trust: 0.6

sources: JVNDB: JVNDB-2017-010382 // CNNVD: CNNVD-201711-412

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13820	Trust: 2.5
db:	SECTRACK	id:	1039710	Trust: 1.1
db:	JVN	id:	JVNVU99000953	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010382	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-412	Trust: 0.7
db:	VULHUB	id:	VHN-104481	Trust: 0.1

sources: VULHUB: VHN-104481 // JVNDB: JVNDB-2017-010382 // CNNVD: CNNVD-201711-412 // NVD: CVE-2017-13820

REFERENCES

url:	https://support.apple.com/ht208221	Trust: 1.7
url:	http://www.securitytracker.com/id/1039710	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13820	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99000953/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13820	Trust: 0.8

sources: VULHUB: VHN-104481 // JVNDB: JVNDB-2017-010382 // CNNVD: CNNVD-201711-412 // NVD: CVE-2017-13820

SOURCES

db:	VULHUB	id:	VHN-104481
db:	JVNDB	id:	JVNDB-2017-010382
db:	CNNVD	id:	CNNVD-201711-412
db:	NVD	id:	CVE-2017-13820

LAST UPDATE DATE

2025-04-20T22:48:17.375000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-104481	date:	2017-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-010382	date:	2017-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201711-412	date:	2017-11-14T00:00:00
db:	NVD	id:	CVE-2017-13820	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-104481	date:	2017-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2017-010382	date:	2017-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201711-412	date:	2017-11-14T00:00:00
db:	NVD	id:	CVE-2017-13820	date:	2017-11-13T03:29:01.647