CVE-2020-27911

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVSS v3 7.8 HIGH
CVSS v2.0 9.3 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://seclists.org/fulldisclosure/2020/Dec/26	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT211928	Vendor Advisory
https://support.apple.com/en-us/HT211929	Vendor Advisory
https://support.apple.com/en-us/HT211930	Vendor Advisory
https://support.apple.com/en-us/HT211931	Vendor Advisory
https://support.apple.com/en-us/HT211933	Vendor Advisory
https://support.apple.com/en-us/HT211935	Vendor Advisory
https://support.apple.com/kb/HT212011	Vendor Advisory
http://seclists.org/fulldisclosure/2020/Dec/26	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT211928	Vendor Advisory
https://support.apple.com/en-us/HT211929	Vendor Advisory
https://support.apple.com/en-us/HT211930	Vendor Advisory
https://support.apple.com/en-us/HT211931	Vendor Advisory
https://support.apple.com/en-us/HT211933	Vendor Advisory
https://support.apple.com/en-us/HT211935	Vendor Advisory
https://support.apple.com/kb/HT212011	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

21 Nov 2024, 05:22

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2020/Dec/26 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2020/Dec/26 - Mailing List, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2020/Dec/32 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2020/Dec/32 - Mailing List, Third Party Advisory
References	~~() https://support.apple.com/en-us/HT211928 - Vendor Advisory~~	() https://support.apple.com/en-us/HT211928 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT211929 - Vendor Advisory~~	() https://support.apple.com/en-us/HT211929 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT211930 - Vendor Advisory~~	() https://support.apple.com/en-us/HT211930 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT211931 - Vendor Advisory~~	() https://support.apple.com/en-us/HT211931 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT211933 - Vendor Advisory~~	() https://support.apple.com/en-us/HT211933 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT211935 - Vendor Advisory~~	() https://support.apple.com/en-us/HT211935 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT212011 - Vendor Advisory~~	() https://support.apple.com/kb/HT212011 - Vendor Advisory

Information

Published : 2020-12-08 21:15

Updated : 2024-11-21 05:22

NVD link : CVE-2020-27911

Mitre link : CVE-2020-27911

CVE.ORG link : CVE-2020-27911

JSON object : View

Products Affected

apple

iphone_os
watchos
tvos
macos
ipados
icloud
itunes

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2020-27911", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-12-08T21:15:13.357", "references": [{"url": "http://seclists.org/fulldisclosure/2020/Dec/26", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2020/Dec/32", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT211928", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT211929", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT211930", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT211931", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT211933", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT211935", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/kb/HT212011", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2020/Dec/26", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2020/Dec/32", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT211928", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT211929", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT211930", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT211931", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT211933", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT211935", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT212011", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 un desbordamiento de enteros con una comprobaci\u00f3n de entrada mejorada. Este problema se corrigi\u00f3 en macOS Big Sur versi\u00f3n 11.0.1, watchOS versi\u00f3n 7.1, iOS versi\u00f3n 14.2 y iPadOS versi\u00f3n 14.2, iCloud para Windows versi\u00f3n 11.5, tvOS versi\u00f3n 14.2, iTunes versi\u00f3n 12.11 para Windows. Un atacante remoto puede ser capaz de causar el cierre inesperado de la aplicaci\u00f3n o una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "lastModified": "2024-11-21T05:22:02.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709", "versionEndExcluding": "11.5"}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "BB5256B0-7FBC-4A35-8E15-0C333EE0B366", "versionEndExcluding": "12.11"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8768B67A-43ED-4726-A99F-A0A57A9A2CEC", "versionEndExcluding": "14.2"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "468039C1-6A38-44D0-A0A1-294966117744", "versionEndExcluding": "14.2"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76BFC9D4-7D15-4C23-A54A-3F5A0B8BC542", "versionEndExcluding": "11.0.1", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25DF8721-B1E2-45AF-87FD-14AB02B5506A", "versionEndExcluding": "14.2"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845B0F8C-2958-4BD2-9141-DCF894AFB953", "versionEndExcluding": "7.1"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}

7.8 /10