CVE-2020-3909Classic Buffer Overflow in Apple Icloud FOR Windows

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.6%
top 14.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Apple Icloud FOR WindowsApple IOSApple Itunes FOR Windows+9 more
Timeline
PublishedApr 1
Latest updateMay 24

Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages14 packages

CVEListV5apple/icloud_for_windowsunspecifiediCloud for Windows 10.9.3+1
CVEListV5apple/itunes_for_windowsunspecifiediTunes for Windows 12.10.5
NVDapple/icloud10.910.9.3+1
CVEListV5apple/tvosunspecifiedtvOS 13.4
NVDapple/tvos< 13.4

🔴Vulnerability Details

2
GHSA
GHSA-whm7-8425-m86f: A buffer overflow was addressed with improved bounds checking2022-05-24
CVEList
CVE-2020-3909: A buffer overflow was addressed with improved bounds checking2020-04-01
CVE-2020-3909 — Classic Buffer Overflow in Apple | cvebase