CVE-2020-3868 — Out-of-bounds Write in Apple Icloud FOR Windows

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer20 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 49.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +7 more

Timeline

PublishedFeb 27

Latest updateMay 24

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages12 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 11.0+1

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes for Windows 12.10.4

▶NVDapple/icloud10.0 — 10.8+1

▶CVEListV5apple/tvosunspecified — tvOS 13.3.1

▶NVDapple/tvos< 13.3.1

Patches

Patch: lists.opensuse.org ↗Patch: lists.opensuse.org ↗

🔴Vulnerability Details

GHSA

GHSA-whv5-w93h-96xh: Multiple memory corruption issues were addressed with improved memory handling↗2022-05-24

▶

OSV

CVE-2020-3868: Multiple memory corruption issues were addressed with improved memory handling↗2020-02-27

▶

CVEList

CVE-2020-3868: Multiple memory corruption issues were addressed with improved memory handling↗2020-02-27

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2020-02-18

▶

Red Hat

webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-02-14

▶

Debian

CVE-2020-3868: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ...↗2020

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Remote code execution vulnerability in Apple Safari↗2020-02-12

▶

💬Community

Bugzilla

CVE-2020-3868 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-07

▶

Bugzilla

CVE-2019-7638 SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c↗2019-02-14

▶

Bugzilla

CVE-2019-7636 SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c↗2019-02-14

▶

Bugzilla

CVE-2019-7635 SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c↗2019-02-14

▶

Bugzilla

CVE-2019-7637 SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c↗2019-02-14

▶