Sign-up

ID

VAR-202010-1283


CVE

CVE-2020-9881


TITLE

plural Apple Product Buffer Overflow Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010468

DESCRIPTION

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple watchOS is a smart watch operating system. Apple iPadOS is an operating system for iPad tablets

Trust: 1.8

sources: NVD: CVE-2020-9881 // JVNDB: JVNDB-2020-010468 // VULHUB: VHN-188006 // VULMON: CVE-2020-9881

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:iosscope:eqversion:13.6 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.2.8 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad air 2 以降)

Trust: 0.8

sources: JVNDB: JVNDB-2020-010468 // NVD: CVE-2020-9881

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9881
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010468
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1216
value: HIGH

Trust: 0.6

VULHUB: VHN-188006
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9881
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9881
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010468
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188006
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9881
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010468
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188006 // VULMON: CVE-2020-9881 // JVNDB: JVNDB-2020-010468 // CNNVD: CNNVD-202010-1216 // NVD: CVE-2020-9881

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-188006 // JVNDB: JVNDB-2020-010468 // NVD: CVE-2020-9881

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1216

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1216

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010468

PATCH
title:HT211288url:https://support.apple.com/en-us/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/en-us/HT211289
Trust: 0.8
title:HT211291url:https://support.apple.com/en-us/HT211291
Trust: 0.8
title:HT211288url:https://support.apple.com/ja-jp/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/ja-jp/HT211289
Trust: 0.8
title:HT211291url:https://support.apple.com/ja-jp/HT211291
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-010468

EXTERNAL IDS
db:NVDid:CVE-2020-9881
Trust: 2.6
db:JVNid:JVNVU94090210
Trust: 0.8
db:JVNDBid:JVNDB-2020-010468
Trust: 0.8
db:CNNVDid:CNNVD-202010-1216
Trust: 0.7
db:NSFOCUSid:50091
Trust: 0.6
db:CNVDid:CNVD-2020-61637
Trust: 0.1
db:VULHUBid:VHN-188006
Trust: 0.1
db:VULMONid:CVE-2020-9881
Trust: 0.1
sources:
            
            
            VULHUB: VHN-188006 // 
            
            
            
            VULMON: CVE-2020-9881 // 
            
            
            
            JVNDB: JVNDB-2020-010468 // 
            
            
            
            CNNVD: CNNVD-202010-1216 // 
            
            
            
            NVD: CVE-2020-9881

REFERENCES
url:https://support.apple.com/kb/ht211288
Trust: 1.8
url:https://support.apple.com/kb/ht211289
Trust: 1.8
url:https://support.apple.com/kb/ht211291
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-9881
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9881
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94090210/index.html
Trust: 0.8
url:http://www.nsfocus.net/vulndb/50091
Trust: 0.6
url:https://support.apple.com/en-us/ht211291
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/120.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-188006 // 
            
            
            
            VULMON: CVE-2020-9881 // 
            
            
            
            JVNDB: JVNDB-2020-010468 // 
            
            
            
            CNNVD: CNNVD-202010-1216 // 
            
            
            
            NVD: CVE-2020-9881

SOURCES
db:VULHUBid:VHN-188006
db:VULMONid:CVE-2020-9881
db:JVNDBid:JVNDB-2020-010468
db:CNNVDid:CNNVD-202010-1216
db:NVDid:CVE-2020-9881

LAST UPDATE DATE
2024-11-23T21:23:50.139000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-188006date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9881date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2020-010468date:2021-01-19T05:15:43
db:CNNVDid:CNNVD-202010-1216date:2021-10-29T00:00:00
db:NVDid:CVE-2020-9881date:2024-11-21T05:41:27.770

SOURCES RELEASE DATE
db:VULHUBid:VHN-188006date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9881date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010468date:2021-01-19T05:15:43
db:CNNVDid:CNNVD-202010-1216date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9881date:2020-10-22T18:15:15.033