CVE-2020-3843

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow4 documents4 sources

Severity

8.8HIGH

EPSS

1.7%

top 17.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Ios-1 Apple Watchos-1 Apple Iphone OS +1 more

Timeline

PublishedFeb 27

Latest updateMay 24

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4.7, watchOS 5.3.7. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDapple/watchos< 5.3.7

▶CVEListV5apple/watchos-1unspecified — watchOS 5.3.7

▶CVEListV5apple/ios-1unspecified — iOS 12.4.7

▶NVDapple/iphone_os< 12.4.7

🔴Vulnerability Details

GHSA

GHSA-p4qp-fw5j-87q5: A memory corruption issue was addressed with improved input validation↗2022-05-24

▶

Project0

An iOS zero-click radio proximity exploit odyssey - Project Zero↗2020-12-01

▶

CVEList

CVE-2020-3843: A memory corruption issue was addressed with improved input validation↗2020-02-27

▶