CVE-2020-3834Out-of-bounds Write in Apple Watchos

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 40.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Watchos
Timeline
PublishedFeb 27
Latest updateMay 24

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5apple/watchosunspecifiedwatchOS 6.1.2
NVDapple/watchos< 6.1.2

🔴Vulnerability Details

1
GHSA
GHSA-5h6m-gmr5-q25w: A memory corruption issue was addressed with improved state management2022-05-24

💬Community

1
Bugzilla
CVE-2020-15677 Mozilla: Download origin spoofing via redirect2020-09-22