CVE-2020-3899 — Uncontrolled Resource Consumption in Apple Icloud FOR Windows

CWE-400 — Uncontrolled Resource Consumption8 documents8 sources

Severity

8.8HIGHNVD

EPSS

3.2%

top 12.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +7 more

Timeline

PublishedApr 1

Latest updateMay 24

Description

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages13 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 10.9.3+1

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes for Windows 12.10.5

▶NVDapple/icloud10.0.0 — 10.9.3+1

▶CVEListV5apple/tvosunspecified — tvOS 13.4

▶NVDapple/tvos< 13.4

🔴Vulnerability Details

GHSA

GHSA-r89q-c9hq-6hvp: A memory consumption issue was addressed with improved memory handling↗2022-05-24

▶

OSV

CVE-2020-3899: A memory consumption issue was addressed with improved memory handling↗2020-04-01

▶

CVEList

CVE-2020-3899: A memory consumption issue was addressed with improved memory handling↗2020-04-01

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerability↗2020-04-29

▶

Red Hat

webkitgtk: Memory consumption issue leading to arbitrary code execution↗2020-04-27

▶

Debian

CVE-2020-3899: webkit2gtk - A memory consumption issue was addressed with improved memory handling. This iss...↗2020

▶

💬Community

Bugzilla

CVE-2020-3899 webkitgtk: Memory consumption issue leading to arbitrary code execution↗2020-09-07

▶