cvelistv5 - cve-2020-9859

cve-2020-9859

Vulnerability from cvelistv5

Published

2020-06-05 14:40

Modified

2025-01-29 17:39

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	product-security@apple.com	https://support.apple.com/HT211214	Vendor Advisory, Release Notes
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211214	Vendor Advisory, Release Notes

Impacted products

Vendor

Product

Version

▼

Apple

iOS

Version: unspecified < iOS 13.5.1 and iPadOS 13.5.1

Apple	macOS	Version: unspecified < macOS Catalina 10.15.5 Supplemental Update
Apple	tvOS	Version: unspecified < tvOS 13.4.6
Apple	watchOS	Version: unspecified < watchOS 6.2.6

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2022-05-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-9859

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:43:05.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211214"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-9859",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T17:39:52.955621Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9859"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T17:39:55.965Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.5.1 and iPadOS 13.5.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "macOS Catalina 10.15.5 Supplemental Update",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 13.4.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "watchOS 6.2.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to execute arbitrary code with kernel privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-05T14:40:05.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211214"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9859",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.5.1 and iPadOS 13.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "macOS Catalina 10.15.5 Supplemental Update"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 13.4.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "watchOS 6.2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An application may be able to execute arbitrary code with kernel privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211214",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211214"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-9859",
    "datePublished": "2020-06-05T14:40:05.000Z",
    "dateReserved": "2020-03-02T00:00:00.000Z",
    "dateUpdated": "2025-01-29T17:39:55.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2020-9859",
      "cwes": "[\"CWE-415\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2020-9859",
      "product": "Multiple Products",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple Multiple Products Code Execution Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9859\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-06-05T15:15:11.097\",\"lastModified\":\"2025-02-28T14:44:48.713\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de consumo de memoria con un manejo de memoria mejorado. Este problema esta corregido en iOS versi\u00f3n 13.5.1 y iPadOS versi\u00f3n 13.5.1, Supplemental Update de macOS Catalina versi\u00f3n 10.15.5, tvOS versi\u00f3n 13.4.6, watchOS versi\u00f3n 6.2.6. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios de kernel\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple Multiple Products Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.5.1\",\"matchCriteriaId\":\"CDFF3251-4C9B-405D-8503-8CE07506D0FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.5.1\",\"matchCriteriaId\":\"7F2B7D88-D736-4349-BC37-784A7F7EEF2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.5\",\"matchCriteriaId\":\"99973242-A249-4C34-B042-5F833AE73708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4.6\",\"matchCriteriaId\":\"A80F48C2-A93D-4A14-AC15-67286C512CCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.6\",\"matchCriteriaId\":\"EB3938AE-A4F3-40EE-84D6-26CDE46CA151\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT211214\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\",\"Release Notes\"]},{\"url\":\"https://support.apple.com/HT211214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Release Notes\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/HT211214\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T10:43:05.468Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-9859\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T17:39:52.955621Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9859\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-415\", \"description\": \"CWE-415 Double Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T17:27:59.208Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"iOS 13.5.1 and iPadOS 13.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"macOS Catalina 10.15.5 Supplemental Update\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"tvOS 13.4.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"watchOS 6.2.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/HT211214\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"An application may be able to execute arbitrary code with kernel privileges\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2020-06-05T14:40:05.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"iOS 13.5.1 and iPadOS 13.5.1\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"iOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"macOS Catalina 10.15.5 Supplemental Update\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"macOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"tvOS 13.4.6\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"tvOS\"}, {\"version\": {\"version_data\": [{\"version_value\": \"watchOS 6.2.6\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"watchOS\"}]}, \"vendor_name\": \"Apple\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://support.apple.com/HT211214\", \"name\": \"https://support.apple.com/HT211214\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"An application may be able to execute arbitrary code with kernel privileges\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-9859\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"product-security@apple.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-9859\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-29T17:39:55.965Z\", \"dateReserved\": \"2020-03-02T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2020-06-05T14:40:05.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2020-9859

Vulnerability from fkie_nvd

Published

2020-06-05 15:15

Modified

2025-02-28 14:44

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	product-security@apple.com	https://support.apple.com/HT211214	Vendor Advisory, Release Notes
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211214	Vendor Advisory, Release Notes

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Apple Multiple Products Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFF3251-4C9B-405D-8503-8CE07506D0FB",
              "versionEndExcluding": "13.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F2B7D88-D736-4349-BC37-784A7F7EEF2F",
              "versionEndExcluding": "13.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99973242-A249-4C34-B042-5F833AE73708",
              "versionEndExcluding": "10.15.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80F48C2-A93D-4A14-AC15-67286C512CCF",
              "versionEndExcluding": "13.4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB3938AE-A4F3-40EE-84D6-26CDE46CA151",
              "versionEndExcluding": "6.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de consumo de memoria con un manejo de memoria mejorado. Este problema esta corregido en iOS versi\u00f3n 13.5.1 y iPadOS versi\u00f3n 13.5.1, Supplemental Update de macOS Catalina versi\u00f3n 10.15.5, tvOS versi\u00f3n 13.4.6, watchOS versi\u00f3n 6.2.6. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios de kernel"
    }
  ],
  "id": "CVE-2020-9859",
  "lastModified": "2025-02-28T14:44:48.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-06-05T15:15:11.097",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory",
        "Release Notes"
      ],
      "url": "https://support.apple.com/HT211214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory",
        "Release Notes"
      ],
      "url": "https://support.apple.com/HT211214"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

gsd-2020-9859

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-9859

Aliases

CVE-2020-9859

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9859",
    "description": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.",
    "id": "GSD-2020-9859"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9859"
      ],
      "details": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.",
      "id": "GSD-2020-9859",
      "modified": "2023-12-13T01:21:52.351792Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2020-9859",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "product": "iOS and iPadOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple 11-13.5 XNU Kernel Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-9859",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iOS 13.5.1 and iPadOS 13.5.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "macOS Catalina 10.15.5 Supplemental Update"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "tvOS 13.4.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "watchOS 6.2.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An application may be able to execute arbitrary code with kernel privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT211214",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211214"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9859"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-415"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211214",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211214"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-09T16:41Z",
      "publishedDate": "2020-06-05T15:15Z"
    }
  }
}

ghsa-frwv-8c9x-7766

Vulnerability from github

Published

2022-05-24 17:19

Modified

2022-07-13 00:00

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9859"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-05T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-frwv-8c9x-7766",
  "modified": "2022-07-13T00:00:52Z",
  "published": "2022-05-24T17:19:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9859"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211214"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; tvOS prior to 13.4.6; watchOS prior to 6.2.6; iOS prior to 13.5.1; iPadOS prior to 13.5.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1

iOS 13.5.1 and iPadOS 13.5.1 are now available and address the following:

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-9859: unc0ver

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 13.5.1 and iPadOS 13.5.1". -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64

iQIcBAEDCAAGBQJe1SzuAAoJEAc+Lhnt8tDNfgUQALNdUFDUuhhF2Zj7jjnx1E1m TNmYZj4OdHcJE9aGKBF4HcUrt5oAYWuyTiBsWYh7tk0Tgfur2QqnoiOGkFW5BfNq NW68jk6JZJwvWp+XSogRLDFMdfUKbSa16JJU2OtQLuRZ7AJsmaU4VT9vXFwv/t22 mXCgb7Uo1I0Ya0z3uJGxluwCi3XNgdu//i9Gcfm5MW6Vu14uaQ3JzYoApskOXQDC aTT/9qW1zJTv18u/qIhQQBj4N1TDY/NUMY8ZJrBAJTXqrHkOuV9jNPkcSeM+68Br 9ExmGm1lBoaX+gIDOvVHb+Br70fsuecFBYN5C/W35R51puyV3mqY3WPV7pPVVA/P Yh8PynmjcmCwFS0Ly9MAHqG/48QdusPIus0G08vRXqWrLUDArHLb9out/UOk6F8q JNtKYI1N7slsRvpPi357mHJ8XIz9aUxGdab3v/oUahTFEMDTo174DsWUcMMoPRFp kcnePBv8dOzOO/YKA7mKmvd0ASA4TvSH6E3moqovzihs7ZR+eGEl1sXIG+E1oNWL tjfSlrVAoNdjBNb3O10JTnS9YepIDszPnY9boOFKKmoMp38E6qcVU9zI8QC1UDg/ stmqoq761w1naa+qQXEvWrvDTKwTFUS2IJMEtGa6CHjGKaZL46h4Y87V2Cb/ZXJM db4SzQ1YvI6gUVn20QzV =JYpD -----END PGP SIGNATURE-----

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1646",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.2.6"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.5"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.5.1"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.4.6"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.5.1"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5.1 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5.1  \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5.1 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.5.1 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9859"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:ipados",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157912"
      },
      {
        "db": "PACKETSTORM",
        "id": "157910"
      },
      {
        "db": "PACKETSTORM",
        "id": "157911"
      },
      {
        "db": "PACKETSTORM",
        "id": "157913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2020-9859",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-9859",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006180",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-187984",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-9859",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006180",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-9859",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006180",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-058",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-187984",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-9859",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9859"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9859"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; tvOS prior to 13.4.6; watchOS prior to 6.2.6; iOS prior to 13.5.1; iPadOS prior to 13.5.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1\n\niOS 13.5.1 and iPadOS 13.5.1 are now available and address the\nfollowing:\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2020-9859: unc0ver\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.5.1 and iPadOS 13.5.1\". \n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJe1SzuAAoJEAc+Lhnt8tDNfgUQALNdUFDUuhhF2Zj7jjnx1E1m\nTNmYZj4OdHcJE9aGKBF4HcUrt5oAYWuyTiBsWYh7tk0Tgfur2QqnoiOGkFW5BfNq\nNW68jk6JZJwvWp+XSogRLDFMdfUKbSa16JJU2OtQLuRZ7AJsmaU4VT9vXFwv/t22\nmXCgb7Uo1I0Ya0z3uJGxluwCi3XNgdu//i9Gcfm5MW6Vu14uaQ3JzYoApskOXQDC\naTT/9qW1zJTv18u/qIhQQBj4N1TDY/NUMY8ZJrBAJTXqrHkOuV9jNPkcSeM+68Br\n9ExmGm1lBoaX+gIDOvVHb+Br70fsuecFBYN5C/W35R51puyV3mqY3WPV7pPVVA/P\nYh8PynmjcmCwFS0Ly9MAHqG/48QdusPIus0G08vRXqWrLUDArHLb9out/UOk6F8q\nJNtKYI1N7slsRvpPi357mHJ8XIz9aUxGdab3v/oUahTFEMDTo174DsWUcMMoPRFp\nkcnePBv8dOzOO/YKA7mKmvd0ASA4TvSH6E3moqovzihs7ZR+eGEl1sXIG+E1oNWL\ntjfSlrVAoNdjBNb3O10JTnS9YepIDszPnY9boOFKKmoMp38E6qcVU9zI8QC1UDg/\nstmqoq761w1naa+qQXEvWrvDTKwTFUS2IJMEtGa6CHjGKaZL46h4Y87V2Cb/ZXJM\ndb4SzQ1YvI6gUVn20QzV\n=JYpD\n-----END PGP SIGNATURE-----\n\n\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9859"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9859"
      },
      {
        "db": "PACKETSTORM",
        "id": "157912"
      },
      {
        "db": "PACKETSTORM",
        "id": "157910"
      },
      {
        "db": "PACKETSTORM",
        "id": "157911"
      },
      {
        "db": "PACKETSTORM",
        "id": "157913"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9859",
        "trust": 3.0
      },
      {
        "db": "PACKETSTORM",
        "id": "157913",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98960050",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "48521",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1913",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1909",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "157910",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "157912",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "157911",
        "trust": 0.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33215",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-187984",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9859",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9859"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "db": "PACKETSTORM",
        "id": "157912"
      },
      {
        "db": "PACKETSTORM",
        "id": "157910"
      },
      {
        "db": "PACKETSTORM",
        "id": "157911"
      },
      {
        "db": "PACKETSTORM",
        "id": "157913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9859"
      }
    ]
  },
  "id": "VAR-202006-1646",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187984"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:01:21.306000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT211214",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT211214"
      },
      {
        "title": "HT211214",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT211214"
      },
      {
        "title": "Multiple Apple product Kernel Fixes for component resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121036"
      },
      {
        "title": "Known Exploited Vulnerabilities Detector",
        "trust": 0.1,
        "url": "https://github.com/Ostorlab/KEV "
      },
      {
        "title": null,
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2020/06/08/security_roundup_june_5/"
      },
      {
        "title": null,
        "trust": 0.1,
        "url": "https://threatpost.com/apple-jailbreak-zero-day-patch/156201/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-9859"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-415",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-400",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9859"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9859"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211214"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9859"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98960050/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1909/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1913/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211214"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48521"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211215"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht211215"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157913/apple-security-advisory-2020-06-01-4.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "db": "PACKETSTORM",
        "id": "157912"
      },
      {
        "db": "PACKETSTORM",
        "id": "157910"
      },
      {
        "db": "PACKETSTORM",
        "id": "157911"
      },
      {
        "db": "PACKETSTORM",
        "id": "157913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9859"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-187984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9859"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "db": "PACKETSTORM",
        "id": "157912"
      },
      {
        "db": "PACKETSTORM",
        "id": "157910"
      },
      {
        "db": "PACKETSTORM",
        "id": "157911"
      },
      {
        "db": "PACKETSTORM",
        "id": "157913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9859"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187984"
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9859"
      },
      {
        "date": "2020-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "date": "2020-06-02T22:25:22",
        "db": "PACKETSTORM",
        "id": "157912"
      },
      {
        "date": "2020-06-02T22:22:22",
        "db": "PACKETSTORM",
        "id": "157910"
      },
      {
        "date": "2020-06-02T22:23:23",
        "db": "PACKETSTORM",
        "id": "157911"
      },
      {
        "date": "2020-06-03T15:52:22",
        "db": "PACKETSTORM",
        "id": "157913"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      },
      {
        "date": "2020-06-05T15:15:11.097000",
        "db": "NVD",
        "id": "CVE-2020-9859"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187984"
      },
      {
        "date": "2023-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9859"
      },
      {
        "date": "2020-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      },
      {
        "date": "2022-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      },
      {
        "date": "2024-11-21T05:41:25.417000",
        "db": "NVD",
        "id": "CVE-2020-9859"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product memory consumption vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006180"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-058"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-9859

Vulnerability from cvelistv5

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

fkie_cve-2020-9859

Vulnerability from fkie_nvd

gsd-2020-9859

Vulnerability from gsd

ghsa-frwv-8c9x-7766

Vulnerability from github

var-202006-1646

Vulnerability from variot

Tags

Sightings

Nomenclature