cvelistv5 - cve-2020-3825

cve-2020-3825

Vulnerability from cvelistv5

Published

2020-02-27 20:45

Modified

2024-08-04 07:44

Severity ?

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT210947	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT210948	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210947	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210948	Release Notes, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Apple

iOS

Version: unspecified < iOS 13.3.1 and iPadOS 13.3.1

Apple	tvOS	Version: unspecified < tvOS 13.3.1
Apple	Safari	Version: unspecified < Safari 13.0.5
Apple	iTunes for Windows	Version: unspecified < iTunes for Windows 12.10.4
Apple	iCloud for Windows	Version: unspecified < iCloud for Windows 11.0
Apple	iCloud for Windows (Legacy)	Version: unspecified < iCloud for Windows 7.17

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:44:51.279Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT210947",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT210948",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "iOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "iOS 13.3.1 and iPadOS 13.3.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "tvOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "tvOS 13.3.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Safari",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "Safari 13.0.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "iTunes for Windows",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "iTunes for Windows 12.10.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "iCloud for Windows",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "iCloud for Windows 11.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "iCloud for Windows (Legacy)",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "iCloud for Windows 7.17",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Processing maliciously crafted web content may lead to arbitrary code execution",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-27T20:45:04",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/HT210947",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/HT210948",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2020-3825",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "iOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "iOS 13.3.1 and iPadOS 13.3.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "tvOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "tvOS 13.3.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Safari",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "Safari 13.0.5",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "iTunes for Windows",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "iTunes for Windows 12.10.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "iCloud for Windows",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "iCloud for Windows 11.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "iCloud for Windows (Legacy)",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "iCloud for Windows 7.17",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apple",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Processing maliciously crafted web content may lead to arbitrary code execution",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/HT210947",
                     refsource: "MISC",
                     url: "https://support.apple.com/HT210947",
                  },
                  {
                     name: "https://support.apple.com/HT210948",
                     refsource: "MISC",
                     url: "https://support.apple.com/HT210948",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2020-3825",
      datePublished: "2020-02-27T20:45:04",
      dateReserved: "2019-12-18T00:00:00",
      dateUpdated: "2024-08-04T07:44:51.279Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2020-3825\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-02-27T21:15:15.850\",\"lastModified\":\"2024-11-21T05:31:47.687\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se abordaron múltiples problemas de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS 13.3.1, Safari versión 13.0.5, iTunes para Windows versión 12.10.4, iCloud para Windows versión 11.0, iCloud para Windows versión 7.17. El procesamiento de contenido web diseñado maliciosamente puede conllevar una ejecución de código arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"11.0\",\"matchCriteriaId\":\"18B457B7-4DEE-4195-8BAA-F8758B695132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.10.4\",\"matchCriteriaId\":\"15CC59BB-5F0C-4381-A7E7-EFFCC01CC308\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.5\",\"matchCriteriaId\":\"4E05D8A0-0D80-4B7D-8696-140AB92A8F09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3.1\",\"matchCriteriaId\":\"3DD89B34-EA75-4559-A112-13B489B2502A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3.1\",\"matchCriteriaId\":\"B4BFEAAB-906E-4F49-A6DB-5717BADD8089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3.1\",\"matchCriteriaId\":\"7C2B3AC9-FAFE-4819-9538-A072B446BE78\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT210947\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210948\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
   },
}

gsd-2020-3825

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-3825

Aliases

CVE-2020-3825

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2020-3825",
      description: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",
      id: "GSD-2020-3825",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2020-3825",
         ],
         details: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",
         id: "GSD-2020-3825",
         modified: "2023-12-13T01:22:09.491523Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "product-security@apple.com",
            ID: "CVE-2020-3825",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "iOS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "iOS 13.3.1 and iPadOS 13.3.1",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "tvOS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "tvOS 13.3.1",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Safari",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "Safari 13.0.5",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "iTunes for Windows",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "iTunes for Windows 12.10.4",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "iCloud for Windows",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "iCloud for Windows 11.0",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "iCloud for Windows (Legacy)",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "iCloud for Windows 7.17",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Apple",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "Processing maliciously crafted web content may lead to arbitrary code execution",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://support.apple.com/HT210947",
                  refsource: "MISC",
                  url: "https://support.apple.com/HT210947",
               },
               {
                  name: "https://support.apple.com/HT210948",
                  refsource: "MISC",
                  url: "https://support.apple.com/HT210948",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                        cpe_name: [],
                        versionEndExcluding: "11.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                        cpe_name: [],
                        versionEndExcluding: "12.10.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "3.0.5",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "13.3.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "13.3.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "13.3.1",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2020-3825",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-787",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/HT210947",
                     refsource: "MISC",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/HT210947",
                  },
                  {
                     name: "https://support.apple.com/HT210948",
                     refsource: "MISC",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/HT210948",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 8.6,
               impactScore: 6.4,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: true,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 2.8,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2021-07-21T11:39Z",
         publishedDate: "2020-02-27T21:15Z",
      },
   },
}

fkie_cve-2020-3825

Vulnerability from fkie_nvd

Published

2020-02-27 21:15

Modified

2024-11-21 05:31

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT210947	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT210948	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210947	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210948	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	icloud	*
apple	itunes	*
apple	safari	*
apple	ipados	*
apple	iphone_os	*
apple	tvos	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "18B457B7-4DEE-4195-8BAA-F8758B695132",
                     versionEndExcluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "15CC59BB-5F0C-4381-A7E7-EFFCC01CC308",
                     versionEndExcluding: "12.10.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E05D8A0-0D80-4B7D-8696-140AB92A8F09",
                     versionEndExcluding: "3.0.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DD89B34-EA75-4559-A112-13B489B2502A",
                     versionEndExcluding: "13.3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4BFEAAB-906E-4F49-A6DB-5717BADD8089",
                     versionEndExcluding: "13.3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C2B3AC9-FAFE-4819-9538-A072B446BE78",
                     versionEndExcluding: "13.3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",
      },
      {
         lang: "es",
         value: "Se abordaron múltiples problemas de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 13.3.1 y iPadOS versión 13.3.1, tvOS 13.3.1, Safari versión 13.0.5, iTunes para Windows versión 12.10.4, iCloud para Windows versión 11.0, iCloud para Windows versión 7.17. El procesamiento de contenido web diseñado maliciosamente puede conllevar una ejecución de código arbitrario.",
      },
   ],
   id: "CVE-2020-3825",
   lastModified: "2024-11-21T05:31:47.687",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-27T21:15:15.850",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT210947",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT210948",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT210947",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT210948",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

ghsa-gr3m-wrg7-rj7p

Vulnerability from github

Published

2022-05-24 17:09

Modified

2022-05-24 17:09

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2020-3825",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-119",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2020-02-27T21:15:00Z",
      severity: "MODERATE",
   },
   details: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",
   id: "GHSA-gr3m-wrg7-rj7p",
   modified: "2022-05-24T17:09:45Z",
   published: "2022-05-24T17:09:45Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2020-3825",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/HT210947",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/HT210948",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple tvOS is a smart TV operating system. The product supports storage of music, photos, App and contacts, etc. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based iCloud versions prior to 10.9.2 and 7.17; Windows-based iTunes versions prior to 12.10.4; Apple tvOS versions prior to 13.3.1; Safari versions prior to 13.0.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

iCloud for Windows 10.9.2 is now available and addresses the following:

ImageIO Available for: Windows 10 and later via the Microsoft Store Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3826: Samuel Groß of Google Project Zero

libxml2 Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-3846: Ranier Vilela

WebKit Available for: Windows 10 and later via the Microsoft Store Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-3825: Przemysław Sporysz of Euvic CVE-2020-3868: Marcin Towalski of Cisco Talos

WebKit Available for: Windows 10 and later via the Microsoft Store Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved memory handling. CVE-2020-3865: Ryan Pickren (ryanpickren.com)

Installation note:

iCloud for Windows 10.9.2 may be obtained from: https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4x9jMACgkQBz4uGe3y 0M1Apw/+PrQvBheHkxIo2XjPOyTxO+M8mlaU+6gY7Ue14zivPO20JqRLb34FyNfh iE+RSJ3NB/0cdZIUH1xcrKzK+tmVFVETJaBmLmoTHBy3946DQtUvditLfTHYnYzC peJbdG4UyevVwf/AoED5iI89lf/ADOWm9Xu0LVtvDKyTAFewQp9oOlG731twL9iI 6ojuzYokYzJSWcDlLMTFB4sDpZsNEz2Crf+WZ44r5bHKcSTi7HzS+OPueQ6dSdqi Y9ioDv/SB0dnLJZE2wq6eaFL2t7eXelYUSL7SekXI4aYQkhaOQFabutFuYNoOX4e +ctnbSdVT5WjG7tyg9L7bl4m1q8GgH43OLBmA1Z/gps004PHMQ87cRRjvGGKIQOf YMI0VBqFc6cAnDYh4Oun31gbg9Y1llYYwTQex7gjx9U+v3FKOaxWxQg8N9y4d2+v qsStr7HKVKcRE/LyEx4fA44VoKNHyHZ4LtQSeX998MTapyH5XbbHEWr/K4TcJ8ij 6Zv/GkUKeINDJbRFhiMJtGThTw5dba5sfHfVv88NrbNYcwwVQrvlkfMq8Jrn0YEf rahjCDLigXXbyaqxM57feJ9+y6jHpULeywomGv+QEzyALTdGKIaq7w1pwLdOHizi Lcxvr8FxmUxydrvFJSUDRa9ELigIsLmgPB3l1UiUmd3AQ38ymJw= =tRpr -----END PGP SIGNATURE-----=

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1152",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.3.1",
         },
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.4",
         },
         {
            model: "safari",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "3.0.5",
         },
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.0",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.3.1",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.3.1",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.3.1 未満 (ipod touch 第 7 世代)",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.3.1 未満 (iphone 6s 以降)",
         },
         {
            model: "safari",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.0.5 未満 (macos mojave)",
         },
         {
            model: "safari",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.0.5 未満 (macos high sierra)",
         },
         {
            model: "ipados",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.3.1 未満 (ipad air 2 以降)",
         },
         {
            model: "icloud",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "for windows 7.17 未満 (windows 7 以降)",
         },
         {
            model: "tvos",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.3.1 未満 (apple tv hd)",
         },
         {
            model: "tvos",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.3.1 未満 (apple tv 4k)",
         },
         {
            model: "ipados",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.3.1 未満 (ipad mini 4 以降)",
         },
         {
            model: "itunes",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "for windows 12.10.4 未満 (windows 7 以降)",
         },
         {
            model: "safari",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.0.5 未満 (macos catalina)",
         },
         {
            model: "icloud",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "for windows 10.9.2 未満 (windows 10 以降)",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            db: "NVD",
            id: "CVE-2020-3825",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:apple:icloud",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:apple:iphone_os",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:apple:ipados",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:apple:itunes",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:apple:safari",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:apple:apple_tv",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple,Przemysław Sporysz of Euvic",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2020-3825",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-3825",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 6.8,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-002304",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "VHN-181950",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2020-3825",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-002304",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-3825",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-002304",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202001-1410",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-181950",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-181950",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
         {
            db: "NVD",
            id: "CVE-2020-3825",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple tvOS is a smart TV operating system. The product supports storage of music, photos, App and contacts, etc. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based iCloud versions prior to 10.9.2 and 7.17; Windows-based iTunes versions prior to 12.10.4; Apple tvOS versions prior to 13.3.1; Safari versions prior to 13.0.5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2\n\niCloud for Windows 10.9.2 is now available and addresses the\nfollowing:\n\nImageIO\nAvailable for: Windows 10 and later via the Microsoft Store\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3826: Samuel Groß of Google Project Zero\n\nlibxml2\nAvailable for: Windows 10 and later via the Microsoft Store\nImpact: Processing maliciously crafted XML may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2020-3846: Ranier Vilela\n\nWebKit\nAvailable for: Windows 10 and later via the Microsoft Store\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-3825: Przemysław Sporysz of Euvic\nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\nWebKit\nAvailable for: Windows 10 and later via the Microsoft Store\nImpact: A malicious website may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\nmemory handling. \nCVE-2020-3865: Ryan Pickren (ryanpickren.com)\n\nInstallation note:\n\niCloud for Windows 10.9.2 may be obtained from:\nhttps://support.apple.com/HT204283\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4x9jMACgkQBz4uGe3y\n0M1Apw/+PrQvBheHkxIo2XjPOyTxO+M8mlaU+6gY7Ue14zivPO20JqRLb34FyNfh\niE+RSJ3NB/0cdZIUH1xcrKzK+tmVFVETJaBmLmoTHBy3946DQtUvditLfTHYnYzC\npeJbdG4UyevVwf/AoED5iI89lf/ADOWm9Xu0LVtvDKyTAFewQp9oOlG731twL9iI\n6ojuzYokYzJSWcDlLMTFB4sDpZsNEz2Crf+WZ44r5bHKcSTi7HzS+OPueQ6dSdqi\nY9ioDv/SB0dnLJZE2wq6eaFL2t7eXelYUSL7SekXI4aYQkhaOQFabutFuYNoOX4e\n+ctnbSdVT5WjG7tyg9L7bl4m1q8GgH43OLBmA1Z/gps004PHMQ87cRRjvGGKIQOf\nYMI0VBqFc6cAnDYh4Oun31gbg9Y1llYYwTQex7gjx9U+v3FKOaxWxQg8N9y4d2+v\nqsStr7HKVKcRE/LyEx4fA44VoKNHyHZ4LtQSeX998MTapyH5XbbHEWr/K4TcJ8ij\n6Zv/GkUKeINDJbRFhiMJtGThTw5dba5sfHfVv88NrbNYcwwVQrvlkfMq8Jrn0YEf\nrahjCDLigXXbyaqxM57feJ9+y6jHpULeywomGv+QEzyALTdGKIaq7w1pwLdOHizi\nLcxvr8FxmUxydrvFJSUDRa9ELigIsLmgPB3l1UiUmd3AQ38ymJw=\n=tRpr\n-----END PGP SIGNATURE-----=\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-3825",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            db: "VULHUB",
            id: "VHN-181950",
         },
         {
            db: "PACKETSTORM",
            id: "156153",
         },
         {
            db: "PACKETSTORM",
            id: "156152",
         },
      ],
      trust: 1.89,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-3825",
            trust: 2.7,
         },
         {
            db: "PACKETSTORM",
            id: "156153",
            trust: 0.8,
         },
         {
            db: "JVN",
            id: "JVNVU95678717",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.0346",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "156152",
            trust: 0.2,
         },
         {
            db: "VULHUB",
            id: "VHN-181950",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-181950",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            db: "PACKETSTORM",
            id: "156153",
         },
         {
            db: "PACKETSTORM",
            id: "156152",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
         {
            db: "NVD",
            id: "CVE-2020-3825",
         },
      ],
   },
   id: "VAR-202002-1152",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-181950",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T21:09:23.463000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT210923",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT210923",
         },
         {
            title: "HT210947",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT210947",
         },
         {
            title: "HT210948",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT210948",
         },
         {
            title: "HT210918",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT210918",
         },
         {
            title: "HT210920",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT210920",
         },
         {
            title: "HT210922",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT210922",
         },
         {
            title: "HT210947",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT210947",
         },
         {
            title: "HT210948",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT210948",
         },
         {
            title: "HT210918",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT210918",
         },
         {
            title: "HT210920",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT210920",
         },
         {
            title: "HT210922",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT210922",
         },
         {
            title: "HT210923",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT210923",
         },
         {
            title: "Multiple Apple product WebKit Fix for component buffer error vulnerability",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110870",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1.1,
         },
         {
            problemtype: "CWE-119",
            trust: 0.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-181950",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            db: "NVD",
            id: "CVE-2020-3825",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://support.apple.com/ht210947",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht210948",
         },
         {
            trust: 1.6,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3825",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3825",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu95678717/",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-au/ht210795",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-au/ht210794",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht210947",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/156153/apple-security-advisory-2020-1-29-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.0346/",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3826",
         },
         {
            trust: 0.2,
            url: "https://support.apple.com/ht204283",
         },
         {
            trust: 0.2,
            url: "https://support.apple.com/kb/ht201222",
         },
         {
            trust: 0.2,
            url: "https://www.apple.com/support/security/pgp/",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3865",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3867",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3868",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3862",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3846",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-181950",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            db: "PACKETSTORM",
            id: "156153",
         },
         {
            db: "PACKETSTORM",
            id: "156152",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
         {
            db: "NVD",
            id: "CVE-2020-3825",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-181950",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            db: "PACKETSTORM",
            id: "156153",
         },
         {
            db: "PACKETSTORM",
            id: "156152",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
         {
            db: "NVD",
            id: "CVE-2020-3825",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-02-27T00:00:00",
            db: "VULHUB",
            id: "VHN-181950",
         },
         {
            date: "2020-03-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            date: "2020-01-30T14:46:35",
            db: "PACKETSTORM",
            id: "156153",
         },
         {
            date: "2020-01-30T14:46:23",
            db: "PACKETSTORM",
            id: "156152",
         },
         {
            date: "2020-01-30T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
         {
            date: "2020-02-27T21:15:15.850000",
            db: "NVD",
            id: "CVE-2020-3825",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-21T00:00:00",
            db: "VULHUB",
            id: "VHN-181950",
         },
         {
            date: "2020-03-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
         {
            date: "2021-10-29T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
         {
            date: "2024-11-21T05:31:47.687000",
            db: "NVD",
            id: "CVE-2020-3825",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Apple Product Corruption Vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-002304",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202001-1410",
         },
      ],
      trust: 0.6,
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-3825

Vulnerability from cvelistv5

gsd-2020-3825

Vulnerability from gsd

fkie_cve-2020-3825

Vulnerability from fkie_nvd

ghsa-gr3m-wrg7-rj7p

Vulnerability from github

var-202002-1152

Vulnerability from variot

Tags

Sightings

Nomenclature