Sign-up

ID

VAR-202004-1980


CVE

CVE-2020-3907


TITLE

macOS Catalina Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003600

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. macOS Catalina Contains an out-of-bounds read vulnerability due to flawed input validation.Local users can abruptly shut down the system and read kernel memory. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Bluetooth is one of the Bluetooth components. A buffer error vulnerability exists in the Bluetooth component of Apple macOS Catalina versions prior to 10.15.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra are now available and address the following: Apple HSSPI Support Available for: macOS Catalina 10.15.3 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team AppleGraphicsControl Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team AppleMobileFileIntegrity Available for: macOS Catalina 10.15.3 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-3907: Yu Wang of Didi Research America CVE-2020-3908: Yu Wang of Didi Research America CVE-2020-3912: Yu Wang of Didi Research America Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-3892: Yu Wang of Didi Research America CVE-2020-3893: Yu Wang of Didi Research America CVE-2020-3905: Yu Wang of Didi Research America Call History Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to access a user's call history Description: This issue was addressed with a new entitlement. CVE-2020-9776: Benjamin Randazzo (@____benjamin) CoreFoundation Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to elevate privileges Description: A permissions issue existed. CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG FaceTime Available for: macOS Catalina 10.15.3 Impact: A local user may be able to view sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion - Israel Institute of Technology Icons Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs Intel Graphics Driver Available for: macOS Catalina 10.15.3 Impact: A malicious application may disclose restricted memory Description: An information disclosure issue was addressed with improved state management. CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina IOHIDFamily Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3919: an anonymous researcher IOThunderboltFamily Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3914: pattern-f (@pattern_F_) of WaCai Kernel Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3909: LGTM.com CVE-2020-3911: found by OSS-Fuzz libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3910: LGTM.com Mail Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3 Impact: A remote attacker may be able to cause arbitrary javascript code execution Description: An injection issue was addressed with improved validation. CVE-2020-3884: Apple sudo Available for: macOS Catalina 10.15.3 Impact: An attacker may be able to run commands as a non-existent user Description: This issue was addressed by updating to sudo version 1.8.31. CVE-2019-19232 TCC Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A maliciously crafted application may be able to bypass code signing enforcement Description: A logic issue was addressed with improved restrictions. CVE-2020-3906: Patrick Wardle of Jamf Vim Available for: macOS Catalina 10.15.3 Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating to version 8.1.1850. CVE-2020-9769: Steve Hahn from LinkedIn Additional recognition CoreText We would like to acknowledge an anonymous researcher for their assistance. FireWire Audio We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington for their assistance. FontParser We would like to acknowledge Matthew Denton of Google Chrome for their assistance. Install Framework Legacy We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch of UAL Creative Computing Institute, and an anonymous researcher for their assistance. LinkPresentation We would like to acknowledge Travis for their assistance. OpenSSH We would like to acknowledge an anonymous researcher for their assistance. rapportd We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt for their assistance. Sidecar We would like to acknowledge Rick Backley (@rback_sec) for their assistance. Installation note: macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m 6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs 671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf ZHp7Jd+FZIoCP69dNnxG =AUHy -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2020-3907 // JVNDB: JVNDB-2020-003600 // VULHUB: VHN-182032 // PACKETSTORM: 156894

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-003600 // NVD: CVE-2020-3907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3907
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003600
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-1544
value: HIGH

Trust: 0.6

VULHUB: VHN-182032
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3907
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003600
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-182032
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3907
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003600
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-182032 // JVNDB: JVNDB-2020-003600 // CNNVD: CNNVD-202003-1544 // NVD: CVE-2020-3907

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-182032 // JVNDB: JVNDB-2020-003600 // NVD: CVE-2020-3907

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1544

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-1544

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003600

PATCH
title:HT211100url:https://support.apple.com/en-us/HT211100
Trust: 0.8
title:HT211100url:https://support.apple.com/ja-jp/HT211100
Trust: 0.8
title:Apple macOS Catalina Bluetooth Fix for component buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112956
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003600 // 
            
            
            
            CNNVD: CNNVD-202003-1544

EXTERNAL IDS
db:NVDid:CVE-2020-3907
Trust: 2.6
db:JVNid:JVNVU96545608
Trust: 0.8
db:JVNDBid:JVNDB-2020-003600
Trust: 0.8
db:CNNVDid:CNNVD-202003-1544
Trust: 0.7
db:CNVDid:CNVD-2020-22473
Trust: 0.1
db:VULHUBid:VHN-182032
Trust: 0.1
db:PACKETSTORMid:156894
Trust: 0.1
sources:
            
            
            VULHUB: VHN-182032 // 
            
            
            
            JVNDB: JVNDB-2020-003600 // 
            
            
            
            PACKETSTORM: 156894 // 
            
            
            
            CNNVD: CNNVD-202003-1544 // 
            
            
            
            NVD: CVE-2020-3907

REFERENCES
url:https://support.apple.com/ht211100
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3907
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3907
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96545608/index.html
Trust: 0.8
url:https://support.apple.com/en-us/ht211100
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-3911
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9769
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3883
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3903
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3851
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-19232
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9785
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3905
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3893
Trust: 0.1
url:https://support.apple.com/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3909
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9773
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3884
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3881
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3906
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3912
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8853
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3908
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3914
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3910
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3892
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3919
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3913
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9776
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-14615
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3904
Trust: 0.1
sources:
            
            
            VULHUB: VHN-182032 // 
            
            
            
            JVNDB: JVNDB-2020-003600 // 
            
            
            
            PACKETSTORM: 156894 // 
            
            
            
            CNNVD: CNNVD-202003-1544 // 
            
            
            
            NVD: CVE-2020-3907

CREDITS
Apple
Trust: 0.1
sources:
            
            
            PACKETSTORM: 156894

SOURCES
db:VULHUBid:VHN-182032
db:JVNDBid:JVNDB-2020-003600
db:PACKETSTORMid:156894
db:CNNVDid:CNNVD-202003-1544
db:NVDid:CVE-2020-3907

LAST UPDATE DATE
2024-11-23T20:11:32.843000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-182032date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2020-003600date:2020-04-21T00:00:00
db:CNNVDid:CNNVD-202003-1544date:2021-10-29T00:00:00
db:NVDid:CVE-2020-3907date:2024-11-21T05:31:56.233

SOURCES RELEASE DATE
db:VULHUBid:VHN-182032date:2020-04-01T00:00:00
db:JVNDBid:JVNDB-2020-003600date:2020-04-21T00:00:00
db:PACKETSTORMid:156894date:2020-03-25T14:22:53
db:CNNVDid:CNNVD-202003-1544date:2020-03-25T00:00:00
db:NVDid:CVE-2020-3907date:2020-04-01T18:15:16.943