ID

VAR-202010-1323


CVE

CVE-2020-3851


TITLE

macOS vulnerability in the use of freed memory

Trust: 0.8

sources: JVNDB: JVNDB-2020-012776

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges.

macOS is vulnerable to the use of freed memory due to poor memory management. Elevated privileges may be obtained through the application.

Apple macOS Catalina is a dedicated operating system developed for Mac computers by Apple Inc. There is a resource management error vulnerability in the IOThunderboltFamily component in Apple macOS Catalina versions prior to 10.15.4.

CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team

AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed with improved state management.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team

AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)

Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America

Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab

Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America

Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)

CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG

FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion - Israel Institute of Technology

Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other applications a user has installed
Description: The issue was addressed with improved handling of icon caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs

Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina

IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

Kernel
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed with improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3910: LGTM.com

Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript code execution
Description: An injection issue was addressed with improved validation.
CVE-2020-3884: Apple

sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent user
Description: This issue was addressed by updating to sudo version 1.8.31.
CVE-2019-19232

TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf

Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version 8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn

Additional recognition

CoreText
We would like to acknowledge an anonymous researcher for their assistance.

FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington for their assistance.

FontParser
We would like to acknowledge Matthew Denton of Google Chrome for their assistance.

Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch of UAL Creative Computing Institute, and an anonymous researcher for their assistance.

LinkPresentation
We would like to acknowledge Travis for their assistance.

OpenSSH
We would like to acknowledge an anonymous researcher for their assistance.

rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt for their assistance.

Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their assistance

Trust: 2.43

sources: NVD: CVE-2020-3851 // JVNDB: JVNDB-2020-012776 // CNNVD: CNNVD-202003-1529 // VULHUB: VHN-181976 // VULMON: CVE-2020-3851 // PACKETSTORM: 156894

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 10.15.4

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.15.2

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.13.6

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.15.3

Trust: 1.0

vendor: Apple, model: apple mac os x, scope: eq, version: 10.15.2

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: eq, version: 10.14.6

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: eq, version: 10.13.6

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012776 // NVD: CVE-2020-3851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3851
value: HIGH

Trust: 1.0

NVD: CVE-2020-3851
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-1529
value: HIGH

Trust: 0.6

VULHUB: VHN-181976
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3851
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3851
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-181976
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3851
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-3851
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181976 // VULMON: CVE-2020-3851 // JVNDB: JVNDB-2020-012776 // CNNVD: CNNVD-202003-1529 // NVD: CVE-2020-3851

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype: Use of freed memory (CWE-416) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181976 // JVNDB: JVNDB-2020-012776 // NVD: CVE-2020-3851

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1529

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202003-1529

PATCH

title: HT210919 Apple Security update, url: https://support.apple.com/en-us/HT210919

Trust: 0.8

title: Fixes for Apple macOS Catalina IOThunderboltFamily component resource management error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112942

Trust: 0.6

title: Apple: macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=dc4464f799ce1dde4908444fa27beb09

Trust: 0.1

sources: VULMON: CVE-2020-3851 // JVNDB: JVNDB-2020-012776 // CNNVD: CNNVD-202003-1529

EXTERNAL IDS

db: NVD, id: CVE-2020-3851

Trust: 2.7

db: JVN, id: JVNVU96545608

Trust: 0.8

db: JVN, id: JVNVU95678717

Trust: 0.8

db: JVNDB, id: JVNDB-2020-012776

Trust: 0.8

db: CNNVD, id: CNNVD-202003-1529

Trust: 0.7

db: PACKETSTORM, id: 156894

Trust: 0.7

db: AUSCERT, id: ESB-2020.1042

Trust: 0.6

db: VULHUB, id: VHN-181976

Trust: 0.1

db: VULMON, id: CVE-2020-3851

Trust: 0.1

sources: VULHUB: VHN-181976 // VULMON: CVE-2020-3851 // JVNDB: JVNDB-2020-012776 // PACKETSTORM: 156894 // CNNVD: CNNVD-202003-1529 // NVD: CVE-2020-3851

REFERENCES

url:https://support.apple.com/en-us/ht210919

Trust: 1.8

url:https://support.apple.com/en-us/ht211100

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3851

Trust: 1.5

url:http://jvn.jp/vu/jvnvu95678717/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu96545608/index.html

Trust: 0.8

url:https://support.apple.com/kb/ht211100

Trust: 0.6

url:https://packetstormsecurity.com/files/156894/apple-security-advisory-2020-03-24-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1042/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-31874

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/178601

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3883

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3905

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3907

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3893

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3909

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3906

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3912

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8853

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3908

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3914

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3910

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3892

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3919

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3913

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3904

Trust: 0.1

sources: VULHUB: VHN-181976 // VULMON: CVE-2020-3851 // JVNDB: JVNDB-2020-012776 // PACKETSTORM: 156894 // CNNVD: CNNVD-202003-1529 // NVD: CVE-2020-3851

CREDITS

Apple, Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Trust: 0.6

sources: CNNVD: CNNVD-202003-1529

SOURCES

db: VULHUB, id: VHN-181976
db: VULMON, id: CVE-2020-3851
db: JVNDB, id: JVNDB-2020-012776
db: PACKETSTORM, id: 156894
db: CNNVD, id: CNNVD-202003-1529
db: NVD, id: CVE-2020-3851

LAST UPDATE DATE

2024-11-23T19:58:16.220000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181976, date: 2020-11-03T00:00:00
db: VULMON, id: CVE-2020-3851, date: 2020-11-03T00:00:00
db: JVNDB, id: JVNDB-2020-012776, date: 2021-06-01T07:20:00
db: CNNVD, id: CNNVD-202003-1529, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-3851, date: 2024-11-21T05:31:50.337

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181976, date: 2020-10-27T00:00:00
db: VULMON, id: CVE-2020-3851, date: 2020-10-27T00:00:00
db: JVNDB, id: JVNDB-2020-012776, date: 2021-06-01T00:00:00
db: PACKETSTORM, id: 156894, date: 2020-03-25T14:22:53
db: CNNVD, id: CNNVD-202003-1529, date: 2020-03-25T00:00:00
db: NVD, id: CVE-2020-3851, date: 2020-10-27T21:15:14.867