Details of VAR-202010-1521

ID

VAR-202010-1521

CVE

CVE-2020-9980

TITLE

plural Apple Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010029

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system

Trust: 1.8

sources: NVD: CVE-2020-9980 // JVNDB: JVNDB-2020-010029 // VULHUB: VHN-188105 // VULMON: CVE-2020-9980

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	6.2.8	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	13.4.8	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.6	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	13.6 未満 (iphone 6s 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.5	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.6 未満 (ipad mini 4 以降)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	6.2.8 未満 (apple watch series 1 以降)	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.6 未満 (ipod touch 第 7 世代)	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.6 未満 (ipad air 2 以降)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.8 未満 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.8 未満 (apple tv hd)	Trust: 0.8

sources: JVNDB: JVNDB-2020-010029 // NVD: CVE-2020-9980

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9980
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-010029
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1243
value:	HIGH
Trust: 0.6
VULHUB:	VHN-188105
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9980
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9980
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-010029
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-188105
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9980
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-010029
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-188105 // VULMON: CVE-2020-9980 // JVNDB: JVNDB-2020-010029 // CNNVD: CNNVD-202010-1243 // NVD: CVE-2020-9980

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.9

sources: VULHUB: VHN-188105 // JVNDB: JVNDB-2020-010029 // NVD: CVE-2020-9980

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1243

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1243

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010029

PATCH

title:	HT211291	url:	https://support.apple.com/en-us/HT211291	Trust: 0.8
title:	HT211288	url:	https://support.apple.com/en-us/HT211288	Trust: 0.8
title:	HT211289	url:	https://support.apple.com/en-us/HT211289	Trust: 0.8
title:	HT211290	url:	https://support.apple.com/en-us/HT211290	Trust: 0.8
title:	HT211288	url:	https://support.apple.com/ja-jp/HT211288	Trust: 0.8
title:	HT211289	url:	https://support.apple.com/ja-jp/HT211289	Trust: 0.8
title:	HT211290	url:	https://support.apple.com/ja-jp/HT211290	Trust: 0.8
title:	HT211291	url:	https://support.apple.com/ja-jp/HT211291	Trust: 0.8
title:	Multiple Apple Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131694	Trust: 0.6

sources: JVNDB: JVNDB-2020-010029 // CNNVD: CNNVD-202010-1243

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9980	Trust: 2.6
db:	JVN	id:	JVNVU94090210	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-010029	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1243	Trust: 0.7
db:	NSFOCUS	id:	50004	Trust: 0.6
db:	VULHUB	id:	VHN-188105	Trust: 0.1
db:	VULMON	id:	CVE-2020-9980	Trust: 0.1

sources: VULHUB: VHN-188105 // VULMON: CVE-2020-9980 // JVNDB: JVNDB-2020-010029 // CNNVD: CNNVD-202010-1243 // NVD: CVE-2020-9980

REFERENCES

url:	https://support.apple.com/kb/ht211288	Trust: 1.8
url:	https://support.apple.com/kb/ht211289	Trust: 1.8
url:	https://support.apple.com/kb/ht211290	Trust: 1.8
url:	https://support.apple.com/kb/ht211291	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9980	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9980	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94090210/index.html	Trust: 0.8
url:	https://support.apple.com/en-us/ht211291	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50004	Trust: 0.6
url:	https://support.apple.com/en-us/ht211290	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-188105 // VULMON: CVE-2020-9980 // JVNDB: JVNDB-2020-010029 // CNNVD: CNNVD-202010-1243 // NVD: CVE-2020-9980

SOURCES

db:	VULHUB	id:	VHN-188105
db:	VULMON	id:	CVE-2020-9980
db:	JVNDB	id:	JVNDB-2020-010029
db:	CNNVD	id:	CNNVD-202010-1243
db:	NVD	id:	CVE-2020-9980

LAST UPDATE DATE

2024-11-23T19:43:01.804000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-188105	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2020-9980	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-010029	date:	2020-12-17T08:43:22
db:	CNNVD	id:	CNNVD-202010-1243	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2020-9980	date:	2024-11-21T05:41:38.183

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-188105	date:	2020-10-22T00:00:00
db:	VULMON	id:	CVE-2020-9980	date:	2020-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-010029	date:	2020-12-17T08:43:22
db:	CNNVD	id:	CNNVD-202010-1243	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-9980	date:	2020-10-22T19:15:15.667