CVE-2020-27911 — Integer Overflow or Wraparound in Apple IOS AND Ipados

CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow5 documents5 sources

Severity

7.8HIGHNVD

EPSS

2.5%

top 14.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +5 more

Timeline

PublishedDec 8

Latest updateJun 13

Description

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

▶CVEListV5apple/tvosunspecified — 14.2

▶NVDapple/tvos< 14.2

▶CVEListV5apple/macosunspecified — 11.0+2

▶NVDapple/macos11.0 — 11.0.1

▶NVDapple/icloud< 11.5

🔴Vulnerability Details

GHSA

GHSA-hf7r-8668-4mm7: An integer overflow was addressed through improved input validation↗2022-05-24

▶

CVEList

CVE-2020-27911: An integer overflow was addressed through improved input validation↗2020-12-08

▶

📋Vendor Advisories

Microsoft

AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior↗2023-06-13

▶

Apple

CVE-2020-27911: iOS 14.2 and iPadOS 14.2↗2020-11-05

▶