Details of VAR-202010-1298

ID

VAR-202010-1298

CVE

CVE-2020-9899

TITLE

macOS Memory Corruption Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010474

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers

Trust: 1.8

sources: NVD: CVE-2020-9899 // JVNDB: JVNDB-2020-010474 // VULHUB: VHN-188024 // VULMON: CVE-2020-9899

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.5	Trust: 0.8

sources: JVNDB: JVNDB-2020-010474 // NVD: CVE-2020-9899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9899
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-010474
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1222
value:	HIGH
Trust: 0.6
VULHUB:	VHN-188024
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-9899
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9899
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-010474
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-188024
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9899
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-010474
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-188024 // VULMON: CVE-2020-9899 // JVNDB: JVNDB-2020-010474 // CNNVD: CNNVD-202010-1222 // NVD: CVE-2020-9899

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-188024 // JVNDB: JVNDB-2020-010474 // NVD: CVE-2020-9899

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1222

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1222

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010474

PATCH

title:	HT211289	url:	https://support.apple.com/en-us/HT211289	Trust: 0.8
title:	HT211289	url:	https://support.apple.com/ja-jp/HT211289	Trust: 0.8
title:	Apple macOS Catalina Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131683	Trust: 0.6

sources: JVNDB: JVNDB-2020-010474 // CNNVD: CNNVD-202010-1222

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9899	Trust: 2.6
db:	JVN	id:	JVNVU94090210	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-010474	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1222	Trust: 0.7
db:	NSFOCUS	id:	50062	Trust: 0.6
db:	CNVD	id:	CNVD-2020-59476	Trust: 0.1
db:	VULHUB	id:	VHN-188024	Trust: 0.1
db:	VULMON	id:	CVE-2020-9899	Trust: 0.1

sources: VULHUB: VHN-188024 // VULMON: CVE-2020-9899 // JVNDB: JVNDB-2020-010474 // CNNVD: CNNVD-202010-1222 // NVD: CVE-2020-9899

REFERENCES

url:	https://support.apple.com/kb/ht211289	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9899	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9899	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94090210/index.html	Trust: 0.8
url:	https://support.apple.com/en-us/ht211289	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50062	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-188024 // VULMON: CVE-2020-9899 // JVNDB: JVNDB-2020-010474 // CNNVD: CNNVD-202010-1222 // NVD: CVE-2020-9899

SOURCES

db:	VULHUB	id:	VHN-188024
db:	VULMON	id:	CVE-2020-9899
db:	JVNDB	id:	JVNDB-2020-010474
db:	CNNVD	id:	CNNVD-202010-1222
db:	NVD	id:	CVE-2020-9899

LAST UPDATE DATE

2024-11-23T20:32:15.979000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-188024	date:	2021-07-21T00:00:00
db:	VULMON	id:	CVE-2020-9899	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-010474	date:	2021-01-19T05:15:52
db:	CNNVD	id:	CNNVD-202010-1222	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9899	date:	2024-11-21T05:41:29.517

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-188024	date:	2020-10-22T00:00:00
db:	VULMON	id:	CVE-2020-9899	date:	2020-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-010474	date:	2021-01-19T05:15:52
db:	CNNVD	id:	CNNVD-202010-1222	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-9899	date:	2020-10-22T18:15:15.457