Details of VAR-202104-0176

ID

VAR-202104-0176

CVE

CVE-2020-27936

TITLE

macOS Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-017315

DESCRIPTION

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. macOS Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Apple macOS Big Sur is a mobile application APP of Apple (Apple)

Trust: 1.8

sources: NVD: CVE-2020-27936 // JVNDB: JVNDB-2020-017315 // VULHUB: VHN-372047 // VULMON: CVE-2020-27936

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	11.1.0	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	11.1.0	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-017315 // NVD: CVE-2020-27936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-27936
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-27936
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-091
value:	HIGH
Trust: 0.6
VULHUB:	VHN-372047
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-27936
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-27936
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-372047
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-27936
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2020-27936
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-372047 // VULMON: CVE-2020-27936 // JVNDB: JVNDB-2020-017315 // CNNVD: CNNVD-202104-091 // NVD: CVE-2020-27936

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-372047 // JVNDB: JVNDB-2020-017315 // NVD: CVE-2020-27936

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-091

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-091

PATCH

title:	HT212011 Apple Security update	url:	https://support.apple.com/en-us/HT212011	Trust: 0.8
title:	Apple macOS Big Sur Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146877	Trust: 0.6

sources: JVNDB: JVNDB-2020-017315 // CNNVD: CNNVD-202104-091

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27936	Trust: 3.4
db:	JVN	id:	JVNVU95288122	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-017315	Trust: 0.8
db:	CNNVD	id:	CNNVD-202104-091	Trust: 0.6
db:	VULHUB	id:	VHN-372047	Trust: 0.1
db:	VULMON	id:	CVE-2020-27936	Trust: 0.1

sources: VULHUB: VHN-372047 // VULMON: CVE-2020-27936 // JVNDB: JVNDB-2020-017315 // CNNVD: CNNVD-202104-091 // NVD: CVE-2020-27936

REFERENCES

url:	https://support.apple.com/en-us/ht212011	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27936	Trust: 1.4
url:	http://jvn.jp/vu/jvnvu95288122/index.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-372047 // VULMON: CVE-2020-27936 // JVNDB: JVNDB-2020-017315 // CNNVD: CNNVD-202104-091 // NVD: CVE-2020-27936

SOURCES

db:	VULHUB	id:	VHN-372047
db:	VULMON	id:	CVE-2020-27936
db:	JVNDB	id:	JVNDB-2020-017315
db:	CNNVD	id:	CNNVD-202104-091
db:	NVD	id:	CVE-2020-27936

LAST UPDATE DATE

2024-11-23T21:18:16.798000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372047	date:	2021-04-07T00:00:00
db:	VULMON	id:	CVE-2020-27936	date:	2021-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-017315	date:	2022-09-07T06:54:00
db:	CNNVD	id:	CNNVD-202104-091	date:	2021-04-08T00:00:00
db:	NVD	id:	CVE-2020-27936	date:	2024-11-21T05:22:05.063

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372047	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2020-27936	date:	2021-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-017315	date:	2022-09-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-091	date:	2021-04-02T00:00:00
db:	NVD	id:	CVE-2020-27936	date:	2021-04-02T18:15:16.187