ID

VAR-202006-1637


CVE

CVE-2020-9844


TITLE

Double free vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2020-006159

DESCRIPTION

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, and macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Apple iOS, iPadOS and macOS Catalina are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Wi-Fi is the wireless network access component of these systems. A resource management error vulnerability exists in the Wi-Fi component of Apple iOS versions prior to 13.5, iPadOS versions prior to 13.5, and macOS Catalina versions prior to 10.15.5.

Trust: 1.71

sources: NVD: CVE-2020-9844 // JVNDB: JVNDB-2020-006159 // VULHUB: VHN-187969

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: gte // version: 10.15

Trust: 1.0

vendor: apple // model: mac os x // scope: lt // version: 10.13.6

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.14.6

Trust: 1.0

vendor: apple // model: mac os x // scope: gte // version: 10.13

Trust: 1.0

vendor: apple // model: mac os x // scope: lt // version: 10.15.5

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.13.6

Trust: 1.0

vendor: apple // model: ipados // scope: lt // version: 13.5

Trust: 1.0

vendor: apple // model: iphone os // scope: lt // version: 13.5

Trust: 1.0

vendor: apple // model: mac os x // scope: lt // version: 10.14.6

Trust: 1.0

vendor: apple // model: mac os x // scope: gte // version: 10.14

Trust: 1.0

vendor: apple // model: ipados // scope: eq // version: earlier than 13.5 (ipad air 2 and later)

Trust: 0.8

vendor: apple // model: ipados // scope: eq // version: earlier than 13.5 (ipad mini 4 and later)

Trust: 0.8

vendor: apple // model: ios // scope: eq // version: earlier than 13.5 (ipod touch 7th generation)

Trust: 0.8

vendor: apple // model: ios // scope: eq // version: earlier than 13.5 (iphone 6s and later)

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.15.4

Trust: 0.8

sources: JVNDB: JVNDB-2020-006159 // NVD: CVE-2020-9844

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-9844
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006159
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-1269
value: HIGH

Trust: 0.6

VULHUB: VHN-187969
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-9844
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006159
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187969
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-9844
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006159
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187969 // JVNDB: JVNDB-2020-006159 // CNNVD: CNNVD-202005-1269 // NVD: CVE-2020-9844

PROBLEMTYPE DATA

problemtype: CWE-415

Trust: 1.9

sources: VULHUB: VHN-187969 // JVNDB: JVNDB-2020-006159 // NVD: CVE-2020-9844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1269

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202005-1269

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006159

PATCH

title: HT211168 // url: https://support.apple.com/en-us/HT211168

Trust: 0.8

title: HT211170 // url: https://support.apple.com/en-us/HT211170

Trust: 0.8

title: HT211168 // url: https://support.apple.com/ja-jp/HT211168

Trust: 0.8

title: HT211170 // url: https://support.apple.com/ja-jp/HT211170

Trust: 0.8

title: Fixes for the resource management error vulnerability in the Wi-Fi component of Apple iOS, iPadOS and macOS Catalina // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121021

Trust: 0.6

sources: JVNDB: JVNDB-2020-006159 // CNNVD: CNNVD-202005-1269

EXTERNAL IDS

db: NVD // id: CVE-2020-9844

Trust: 2.5

db: JVN // id: JVNVU98042162

Trust: 0.8

db: JVNDB // id: JVNDB-2020-006159

Trust: 0.8

db: CNNVD // id: CNNVD-202005-1269

Trust: 0.7

db: PACKETSTORM // id: 158225

Trust: 0.6

db: AUSCERT // id: ESB-2020.1859

Trust: 0.6

db: NSFOCUS // id: 48543

Trust: 0.6

db: CNVD // id: CNVD-2020-49312

Trust: 0.1

db: VULHUB // id: VHN-187969

Trust: 0.1

sources: VULHUB: VHN-187969 // JVNDB: JVNDB-2020-006159 // CNNVD: CNNVD-202005-1269 // NVD: CVE-2020-9844

REFERENCES

url:https://support.apple.com/ht211168

Trust: 1.7

url:https://support.apple.com/ht211170

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9844

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9844

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98042162/index.html

Trust: 0.8

url:https://support.apple.com/kb/ht211168

Trust: 0.6

url:https://support.apple.com/en-us/ht211170

Trust: 0.6

url:https://packetstormsecurity.com/files/158225/ios-macos-wifi-proximity-kernel-double-free.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1859/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343

Trust: 0.6

url:https://support.apple.com/en-us/ht211168

Trust: 0.6

url:https://support.apple.com/kb/ht211170

Trust: 0.6

url:http://www.nsfocus.net/vulndb/48543

Trust: 0.6

sources: VULHUB: VHN-187969 // JVNDB: JVNDB-2020-006159 // CNNVD: CNNVD-202005-1269 // NVD: CVE-2020-9844

CREDITS

Google Security Research, ianbeer

Trust: 0.6

sources: CNNVD: CNNVD-202005-1269

SOURCES

db: VULHUB // id: VHN-187969
db: JVNDB // id: JVNDB-2020-006159
db: CNNVD // id: CNNVD-202005-1269
db: NVD // id: CVE-2020-9844

LAST UPDATE DATE

2024-11-23T20:35:27.795000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-187969 // date: 2023-01-09T00:00:00
db: JVNDB // id: JVNDB-2020-006159 // date: 2020-07-02T00:00:00
db: CNNVD // id: CNNVD-202005-1269 // date: 2021-11-03T00:00:00
db: NVD // id: CVE-2020-9844 // date: 2024-11-21T05:41:23.513

SOURCES RELEASE DATE

db: VULHUB // id: VHN-187969 // date: 2020-06-09T00:00:00
db: JVNDB // id: JVNDB-2020-006159 // date: 2020-07-02T00:00:00
db: CNNVD // id: CNNVD-202005-1269 // date: 2020-05-26T00:00:00
db: NVD // id: CVE-2020-9844 // date: 2020-06-09T17:15:14.940