CVE-2020-3909

Published: Apr 1, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

Affected (9)

Products: Apple: Icloud, Ipados, Iphone Os, Itunes, Mac Os X, Tvos, Watchos · Oracle: Sun Zfs Storage Appliance Kit Software

7 products

1 product

Sun Zfs Storage Appliance Kit Software

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Apple Icloud	Before 7.18
Apple Icloud	From 10.9 to 10.9.3
Apple Ipados	Before 13.4
Apple Iphone Os	Before 13.4
Apple Itunes	Before 12.10.5
Apple Mac Os X	Before 10.15.4
Apple Tvos	Before 13.4
Apple Watchos	Before 6.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Sun Zfs Storage Appliance Kit Software	Version 8.8

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (16)

https://support.apple.com/HT211100

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT211101

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT211102

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT211103

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT211105

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT211106

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT211107

Source: product-security@apple.com

Vendor Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: product-security@apple.com

Third Party Advisory

https://support.apple.com/HT211100

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT211101

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT211102

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT211103

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT211105

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT211106

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT211107

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.