ID

VAR-202010-1521


CVE

CVE-2020-9980


TITLE

plural Apple Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010029

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system

Trust: 1.8

sources: NVD: CVE-2020-9980 // JVNDB: JVNDB-2020-010029 // VULHUB: VHN-188105 // VULMON: CVE-2020-9980

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:iosscope:eqversion:13.6 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.2.8 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv hd)

Trust: 0.8

sources: JVNDB: JVNDB-2020-010029 // NVD: CVE-2020-9980

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9980
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010029
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1243
value: HIGH

Trust: 0.6

VULHUB: VHN-188105
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9980
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9980
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010029
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188105
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9980
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010029
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188105 // VULMON: CVE-2020-9980 // JVNDB: JVNDB-2020-010029 // CNNVD: CNNVD-202010-1243 // NVD: CVE-2020-9980

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-188105 // JVNDB: JVNDB-2020-010029 // NVD: CVE-2020-9980

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1243

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1243

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010029

PATCH

title:HT211291url:https://support.apple.com/en-us/HT211291

Trust: 0.8

title:HT211288url:https://support.apple.com/en-us/HT211288

Trust: 0.8

title:HT211289url:https://support.apple.com/en-us/HT211289

Trust: 0.8

title:HT211290url:https://support.apple.com/en-us/HT211290

Trust: 0.8

title:HT211288url:https://support.apple.com/ja-jp/HT211288

Trust: 0.8

title:HT211289url:https://support.apple.com/ja-jp/HT211289

Trust: 0.8

title:HT211290url:https://support.apple.com/ja-jp/HT211290

Trust: 0.8

title:HT211291url:https://support.apple.com/ja-jp/HT211291

Trust: 0.8

title:Multiple Apple Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131694

Trust: 0.6

sources: JVNDB: JVNDB-2020-010029 // CNNVD: CNNVD-202010-1243

EXTERNAL IDS

db:NVDid:CVE-2020-9980

Trust: 2.6

db:JVNid:JVNVU94090210

Trust: 0.8

db:JVNDBid:JVNDB-2020-010029

Trust: 0.8

db:CNNVDid:CNNVD-202010-1243

Trust: 0.7

db:NSFOCUSid:50004

Trust: 0.6

db:VULHUBid:VHN-188105

Trust: 0.1

db:VULMONid:CVE-2020-9980

Trust: 0.1

sources: VULHUB: VHN-188105 // VULMON: CVE-2020-9980 // JVNDB: JVNDB-2020-010029 // CNNVD: CNNVD-202010-1243 // NVD: CVE-2020-9980

REFERENCES

url:https://support.apple.com/kb/ht211288

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://support.apple.com/kb/ht211290

Trust: 1.8

url:https://support.apple.com/kb/ht211291

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9980

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9980

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94090210/index.html

Trust: 0.8

url:https://support.apple.com/en-us/ht211291

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50004

Trust: 0.6

url:https://support.apple.com/en-us/ht211290

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-188105 // VULMON: CVE-2020-9980 // JVNDB: JVNDB-2020-010029 // CNNVD: CNNVD-202010-1243 // NVD: CVE-2020-9980

SOURCES

db:VULHUBid:VHN-188105
db:VULMONid:CVE-2020-9980
db:JVNDBid:JVNDB-2020-010029
db:CNNVDid:CNNVD-202010-1243
db:NVDid:CVE-2020-9980

LAST UPDATE DATE

2024-11-23T19:43:01.804000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-188105date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9980date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2020-010029date:2020-12-17T08:43:22
db:CNNVDid:CNNVD-202010-1243date:2021-11-03T00:00:00
db:NVDid:CVE-2020-9980date:2024-11-21T05:41:38.183

SOURCES RELEASE DATE

db:VULHUBid:VHN-188105date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9980date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010029date:2020-12-17T08:43:22
db:CNNVDid:CNNVD-202010-1243date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9980date:2020-10-22T19:15:15.667