Sign-up

ID

VAR-202010-1256


CVE

CVE-2020-9779


TITLE

macOS Catalina  Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010590

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets

Trust: 1.8

sources: NVD: CVE-2020-9779 // JVNDB: JVNDB-2020-010590 // VULHUB: VHN-187904 // VULMON: CVE-2020-9779

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.4

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13.6

Trust: 1.0

vendor:アップルmodel:apple mac os xscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.14.6

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.15.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-010590 // NVD: CVE-2020-9779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9779
value: HIGH

Trust: 1.0

NVD: CVE-2020-9779
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1205
value: HIGH

Trust: 0.6

VULHUB: VHN-187904
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9779
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9779
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-187904
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9779
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-9779
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187904 // VULMON: CVE-2020-9779 // JVNDB: JVNDB-2020-010590 // CNNVD: CNNVD-202010-1205 // NVD: CVE-2020-9779

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-187904 // JVNDB: JVNDB-2020-010590 // NVD: CVE-2020-9779

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1205

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1205

PATCH

title:HT211100 Apple  Security updateurl:https://support.apple.com/en-us/HT211100

Trust: 0.8

title:Apple macOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134454

Trust: 0.6

sources: JVNDB: JVNDB-2020-010590 // CNNVD: CNNVD-202010-1205

EXTERNAL IDS

db:NVDid:CVE-2020-9779

Trust: 2.6

db:JVNid:JVNVU96545608

Trust: 0.8

db:JVNDBid:JVNDB-2020-010590

Trust: 0.8

db:CNNVDid:CNNVD-202010-1205

Trust: 0.7

db:CNVDid:CNVD-2020-61634

Trust: 0.1

db:VULHUBid:VHN-187904

Trust: 0.1

db:VULMONid:CVE-2020-9779

Trust: 0.1

sources: VULHUB: VHN-187904 // VULMON: CVE-2020-9779 // JVNDB: JVNDB-2020-010590 // CNNVD: CNNVD-202010-1205 // NVD: CVE-2020-9779

REFERENCES

url:https://support.apple.com/kb/ht211100

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9779

Trust: 1.4

url:http://jvn.jp/vu/jvnvu96545608/index.html

Trust: 0.8

url:https://support.apple.com/en-us/ht211170

Trust: 0.6

url:https://support.apple.com/en-us/ht211100

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-187904 // VULMON: CVE-2020-9779 // JVNDB: JVNDB-2020-010590 // CNNVD: CNNVD-202010-1205 // NVD: CVE-2020-9779

SOURCES

db:VULHUBid:VHN-187904
db:VULMONid:CVE-2020-9779
db:JVNDBid:JVNDB-2020-010590
db:CNNVDid:CNNVD-202010-1205
db:NVDid:CVE-2020-9779

LAST UPDATE DATE

2024-11-23T21:09:14.666000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-187904date:2020-10-28T00:00:00
db:VULMONid:CVE-2020-9779date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2020-010590date:2021-01-28T08:11:00
db:CNNVDid:CNNVD-202010-1205date:2021-11-03T00:00:00
db:NVDid:CVE-2020-9779date:2024-11-21T05:41:15.453

SOURCES RELEASE DATE

db:VULHUBid:VHN-187904date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9779date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010590date:2021-01-28T00:00:00
db:CNNVDid:CNNVD-202010-1205date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9779date:2020-10-22T18:15:13.393