Details of VAR-202006-1629

ID

VAR-202006-1629

CVE

CVE-2020-9834

TITLE

macOS Catalina Memory Corruption Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006227

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Wi-Fi is one of the wireless Internet access components

Trust: 1.71

sources: NVD: CVE-2020-9834 // JVNDB: JVNDB-2020-006227 // VULHUB: VHN-187959

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.4	Trust: 0.8

sources: JVNDB: JVNDB-2020-006227 // NVD: CVE-2020-9834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9834
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006227
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-1268
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187959
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9834
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006227
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187959
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9834
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006227
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187959 // JVNDB: JVNDB-2020-006227 // CNNVD: CNNVD-202005-1268 // NVD: CVE-2020-9834

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-187959 // JVNDB: JVNDB-2020-006227 // NVD: CVE-2020-9834

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1268

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202005-1268

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006227

PATCH

title:	HT211170	url:	https://support.apple.com/en-us/HT211170	Trust: 0.8
title:	HT211170	url:	https://support.apple.com/ja-jp/HT211170	Trust: 0.8
title:	Apple macOS Catalina Wi-Fi Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121020	Trust: 0.6

sources: JVNDB: JVNDB-2020-006227 // CNNVD: CNNVD-202005-1268

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9834	Trust: 2.5
db:	JVN	id:	JVNVU98042162	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006227	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.1859	Trust: 0.6
db:	NSFOCUS	id:	48546	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-1268	Trust: 0.6
db:	CNVD	id:	CNVD-2020-32217	Trust: 0.1
db:	VULHUB	id:	VHN-187959	Trust: 0.1

sources: VULHUB: VHN-187959 // JVNDB: JVNDB-2020-006227 // CNNVD: CNNVD-202005-1268 // NVD: CVE-2020-9834

REFERENCES

url:	https://support.apple.com/ht211170	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9834	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9834	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98042162/index.html	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/48546	Trust: 0.6
url:	https://support.apple.com/en-us/ht211170	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1859/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343	Trust: 0.6
url:	https://support.apple.com/kb/ht211170	Trust: 0.6

sources: VULHUB: VHN-187959 // JVNDB: JVNDB-2020-006227 // CNNVD: CNNVD-202005-1268 // NVD: CVE-2020-9834

CREDITS

Yu Wang of Didi Research America

Trust: 0.6

sources: CNNVD: CNNVD-202005-1268

SOURCES

db:	VULHUB	id:	VHN-187959
db:	JVNDB	id:	JVNDB-2020-006227
db:	CNNVD	id:	CNNVD-202005-1268
db:	NVD	id:	CVE-2020-9834

LAST UPDATE DATE

2024-11-23T21:19:35.410000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187959	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-006227	date:	2020-07-03T00:00:00
db:	CNNVD	id:	CNNVD-202005-1268	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9834	date:	2024-11-21T05:41:22.257

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187959	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006227	date:	2020-07-03T00:00:00
db:	CNNVD	id:	CNNVD-202005-1268	date:	2020-05-26T00:00:00
db:	NVD	id:	CVE-2020-9834	date:	2020-06-09T17:15:14.363