CVE-2020-3885 — Always-Incorrect Control Flow Implementation in Apple Icloud FOR Windows

CWE-670 — Always-Incorrect Control Flow Implementation7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 26.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +6 more

Timeline

PublishedApr 1

Latest updateMay 24

Description

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages11 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 10.9.3+1

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes for Windows 12.10.5

▶NVDapple/icloud10.0.0 — 10.9.3+1

▶CVEListV5apple/tvosunspecified — tvOS 13.4

▶NVDapple/tvos< 13.4

🔴Vulnerability Details

GHSA

GHSA-mqcp-c96v-gj7w: A logic issue was addressed with improved restrictions↗2022-05-24

▶

CVEList

CVE-2020-3885: A logic issue was addressed with improved restrictions↗2020-04-01

▶

OSV

CVE-2020-3885: A logic issue was addressed with improved restrictions↗2020-04-01

▶

📋Vendor Advisories

Red Hat

webkitgtk: Incorrect processing of file URLs↗2020-04-27

▶

Debian

CVE-2020-3885: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i...↗2020

▶

💬Community

Bugzilla

CVE-2020-3885 webkitgtk: Incorrect processing of file URLs↗2020-09-07

▶