← Back

CVE-2020-3885

nvd nist
Published: Apr 1, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

Affected (7)

Apple
6 products
Icloud
Ipad Os
Iphone Os
Itunes
Safari
Tvos
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Icloud
Before 7.18
Icloud
From 10.0.0 to 10.9.3
Ipad Os
Before 13.4
Iphone Os
Before 13.4
Itunes
Before 12.10.5
Safari
Before 13.1
Tvos
Before 13.4

Related CWEs

CWE-670
Always-Incorrect Control Flow Implementation
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

References (12)

Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.