var-202006-1637
Vulnerability from variot
A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Wi-Fi is one of the wireless Internet access components. A resource management error vulnerability exists in the Wi-Fi component of Apple iOS versions prior to 13.5, iPadOS versions prior to 13.5, and macOS Catalina versions prior to 10.15.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1637",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.13"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.15.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"db": "NVD",
"id": "CVE-2020-9844"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:ipados",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Security Research, ianbeer",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1269"
}
],
"trust": 0.6
},
"cve": "CVE-2020-9844",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-9844",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006159",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-187969",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9844",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006159",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9844",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006159",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1269",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187969",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187969"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1269"
},
{
"db": "NVD",
"id": "CVE-2020-9844"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Wi-Fi is one of the wireless Internet access components. A resource management error vulnerability exists in the Wi-Fi component of Apple iOS versions prior to 13.5, iPadOS versions prior to 13.5, and macOS Catalina versions prior to 10.15.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9844"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"db": "VULHUB",
"id": "VHN-187969"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9844",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98042162",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006159",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1269",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158225",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1859",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48543",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-49312",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187969",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187969"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1269"
},
{
"db": "NVD",
"id": "CVE-2020-9844"
}
]
},
"id": "VAR-202006-1637",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187969"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:35:27.795000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211168",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211168"
},
{
"title": "HT211170",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211170"
},
{
"title": "HT211168",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211168"
},
{
"title": "HT211170",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211170"
},
{
"title": "Apple iOS , iPadOS and macOS Catalina Wi-Fi Fixes for component resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121021"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1269"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187969"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"db": "NVD",
"id": "CVE-2020-9844"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht211168"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211170"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9844"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9844"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98042162/index.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211168"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211170"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158225/ios-macos-wifi-proximity-kernel-double-free.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1859/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211168"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211170"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48543"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187969"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1269"
},
{
"db": "NVD",
"id": "CVE-2020-9844"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187969"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1269"
},
{
"db": "NVD",
"id": "CVE-2020-9844"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-187969"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1269"
},
{
"date": "2020-06-09T17:15:14.940000",
"db": "NVD",
"id": "CVE-2020-9844"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-187969"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006159"
},
{
"date": "2021-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1269"
},
{
"date": "2024-11-21T05:41:23.513000",
"db": "NVD",
"id": "CVE-2020-9844"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product double memory release vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006159"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1269"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…