ID

VAR-202010-1284


CVE

CVE-2020-9882


TITLE

Buffer Overflow Vulnerability in Multiple Apple Products

Trust: 0.8

sources: JVNDB: JVNDB-2020-010469

DESCRIPTION

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Apple iOS, etc. are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple watchOS is a smart watch operating system. Apple iPadOS is an operating system for iPad tablets.

Trust: 1.8

sources: NVD: CVE-2020-9882 // JVNDB: JVNDB-2020-010469 // VULHUB: VHN-188007 // VULMON: CVE-2020-9882

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: lt // version: 10.15.6

Trust: 1.0

vendor: apple // model: mac os x // scope: gte // version: 10.14.6

Trust: 1.0

vendor: apple // model: watchos // scope: lt // version: 6.2.8

Trust: 1.0

vendor: apple // model: iphone os // scope: lt // version: 13.6

Trust: 1.0

vendor: apple // model: ipados // scope: lt // version: 13.6

Trust: 1.0

vendor: apple // model: ios // scope: eq // version: earlier than 13.6 (iphone 6s and later)

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.15.5

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.14.6

Trust: 0.8

vendor: apple // model: ipados // scope: eq // version: earlier than 13.6 (ipad mini 4 and later)

Trust: 0.8

vendor: apple // model: watchos // scope: eq // version: earlier than 6.2.8 (apple watch series 1 and later)

Trust: 0.8

vendor: apple // model: ios // scope: eq // version: earlier than 13.6 (ipod touch 7th generation)

Trust: 0.8

vendor: apple // model: ipados // scope: eq // version: earlier than 13.6 (ipad air 2 and later)

Trust: 0.8

sources: JVNDB: JVNDB-2020-010469 // NVD: CVE-2020-9882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9882
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010469
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1217
value: HIGH

Trust: 0.6

VULHUB: VHN-188007
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9882
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9882
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010469
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188007
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9882
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010469
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188007 // VULMON: CVE-2020-9882 // JVNDB: JVNDB-2020-010469 // CNNVD: CNNVD-202010-1217 // NVD: CVE-2020-9882

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-188007 // JVNDB: JVNDB-2020-010469 // NVD: CVE-2020-9882

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1217

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1217

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010469

PATCH

title: HT211288 // url: https://support.apple.com/en-us/HT211288

Trust: 0.8

title: HT211289 // url: https://support.apple.com/en-us/HT211289

Trust: 0.8

title: HT211291 // url: https://support.apple.com/en-us/HT211291

Trust: 0.8

title: HT211288 // url: https://support.apple.com/ja-jp/HT211288

Trust: 0.8

title: HT211289 // url: https://support.apple.com/ja-jp/HT211289

Trust: 0.8

title: HT211291 // url: https://support.apple.com/ja-jp/HT211291

Trust: 0.8

title: Apple Repair measures for buffer errors and vulnerabilities in many products // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131679

Trust: 0.6

sources: JVNDB: JVNDB-2020-010469 // CNNVD: CNNVD-202010-1217

EXTERNAL IDS

db: NVD // id: CVE-2020-9882

Trust: 2.6

db: JVN // id: JVNVU94090210

Trust: 0.8

db: JVNDB // id: JVNDB-2020-010469

Trust: 0.8

db: CNNVD // id: CNNVD-202010-1217

Trust: 0.7

db: NSFOCUS // id: 50066

Trust: 0.6

db: CNVD // id: CNVD-2020-65915

Trust: 0.1

db: VULHUB // id: VHN-188007

Trust: 0.1

db: VULMON // id: CVE-2020-9882

Trust: 0.1

sources: VULHUB: VHN-188007 // VULMON: CVE-2020-9882 // JVNDB: JVNDB-2020-010469 // CNNVD: CNNVD-202010-1217 // NVD: CVE-2020-9882

REFERENCES

url:https://support.apple.com/kb/ht211288

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://support.apple.com/kb/ht211291

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9882

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9882

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94090210/index.html

Trust: 0.8

url:https://support.apple.com/en-us/ht211291

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50066

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-188007 // VULMON: CVE-2020-9882 // JVNDB: JVNDB-2020-010469 // CNNVD: CNNVD-202010-1217 // NVD: CVE-2020-9882

SOURCES

db: VULHUB // id: VHN-188007
db: VULMON // id: CVE-2020-9882
db: JVNDB // id: JVNDB-2020-010469
db: CNNVD // id: CNNVD-202010-1217
db: NVD // id: CVE-2020-9882

LAST UPDATE DATE

2024-11-23T20:19:34.657000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-188007 // date: 2023-01-09T00:00:00
db: VULMON // id: CVE-2020-9882 // date: 2020-10-27T00:00:00
db: JVNDB // id: JVNDB-2020-010469 // date: 2021-01-19T05:15:45
db: CNNVD // id: CNNVD-202010-1217 // date: 2021-10-29T00:00:00
db: NVD // id: CVE-2020-9882 // date: 2024-11-21T05:41:27.883

SOURCES RELEASE DATE

db: VULHUB // id: VHN-188007 // date: 2020-10-22T00:00:00
db: VULMON // id: CVE-2020-9882 // date: 2020-10-22T00:00:00
db: JVNDB // id: JVNDB-2020-010469 // date: 2021-01-19T05:15:45
db: CNNVD // id: CNNVD-202010-1217 // date: 2020-10-22T00:00:00
db: NVD // id: CVE-2020-9882 // date: 2020-10-22T18:15:15.097