CVE-2020-9883

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 22-10-2020 08:15

Last modified: - 03-09-2022 05:58

Total changes: - 2

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

Reference

https://support.apple.com/kb/HT211289
https://support.apple.com/kb/HT211288
https://support.apple.com/kb/HT211295
https://support.apple.com/kb/HT211294
https://support.apple.com/kb/HT211293
https://support.apple.com/kb/HT211291
https://support.apple.com/kb/HT211290
https://support.apple.com/kb/HT211931
https://www.zerodayinitiative.com/advisories/ZDI-20-1389/
20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1-Mailing List, Third Party Advisory

Keywords

CVE-2020-9883

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-9883

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures