Sign-up

ID

VAR-202010-1271


CVE

CVE-2020-9869


TITLE

macOS Catalina Memory Corruption Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009626

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination. macOS Catalina Is vulnerable to memory corruption due to improper memory processing.A remote attacker could terminate the application abruptly. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. A number of Apple products have a buffer error vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: versions prior to macOS Catalina 10.15.6

Trust: 1.8

sources: NVD: CVE-2020-9869 // JVNDB: JVNDB-2020-009626 // VULHUB: VHN-187994 // VULMON: CVE-2020-9869

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

sources: JVNDB: JVNDB-2020-009626 // NVD: CVE-2020-9869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9869
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009626
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1213
value: HIGH

Trust: 0.6

VULHUB: VHN-187994
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9869
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9869
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009626
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187994
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9869
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009626
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187994 // VULMON: CVE-2020-9869 // JVNDB: JVNDB-2020-009626 // CNNVD: CNNVD-202010-1213 // NVD: CVE-2020-9869

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-187994 // JVNDB: JVNDB-2020-009626 // NVD: CVE-2020-9869

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1213

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1213

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009626

PATCH
title:HT211289url:https://support.apple.com/en-us/HT211289
Trust: 0.8
title:HT211289url:https://support.apple.com/ja-jp/HT211289
Trust: 0.8
title:Multiple  Apple Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131676
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-009626 // 
            
            
            
            CNNVD: CNNVD-202010-1213

EXTERNAL IDS
db:NVDid:CVE-2020-9869
Trust: 2.6
db:JVNid:JVNVU94090210
Trust: 0.8
db:JVNDBid:JVNDB-2020-009626
Trust: 0.8
db:CNNVDid:CNNVD-202010-1213
Trust: 0.7
db:NSFOCUSid:49969
Trust: 0.6
db:CNVDid:CNVD-2020-59731
Trust: 0.1
db:VULHUBid:VHN-187994
Trust: 0.1
db:VULMONid:CVE-2020-9869
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187994 // 
            
            
            
            VULMON: CVE-2020-9869 // 
            
            
            
            JVNDB: JVNDB-2020-009626 // 
            
            
            
            CNNVD: CNNVD-202010-1213 // 
            
            
            
            NVD: CVE-2020-9869

REFERENCES
url:https://support.apple.com/kb/ht211289
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-9869
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9869
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94090210/index.html
Trust: 0.8
url:http://www.nsfocus.net/vulndb/49969
Trust: 0.6
url:https://support.apple.com/en-us/ht211289
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187994 // 
            
            
            
            VULMON: CVE-2020-9869 // 
            
            
            
            JVNDB: JVNDB-2020-009626 // 
            
            
            
            CNNVD: CNNVD-202010-1213 // 
            
            
            
            NVD: CVE-2020-9869

SOURCES
db:VULHUBid:VHN-187994
db:VULMONid:CVE-2020-9869
db:JVNDBid:JVNDB-2020-009626
db:CNNVDid:CNNVD-202010-1213
db:NVDid:CVE-2020-9869

LAST UPDATE DATE
2024-11-23T21:07:39.589000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187994date:2021-07-21T00:00:00
db:VULMONid:CVE-2020-9869date:2020-10-26T00:00:00
db:JVNDBid:JVNDB-2020-009626date:2020-11-24T03:35:56
db:CNNVDid:CNNVD-202010-1213date:2021-10-29T00:00:00
db:NVDid:CVE-2020-9869date:2024-11-21T05:41:26.380

SOURCES RELEASE DATE
db:VULHUBid:VHN-187994date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9869date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-009626date:2020-11-24T03:35:56
db:CNNVDid:CNNVD-202010-1213date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9869date:2020-10-22T18:15:14.127