CVE-2020-3910 — Classic Buffer Overflow in Apple Icloud FOR Windows

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.2%

top 21.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +8 more

Timeline

PublishedApr 1

Latest updateMay 24

Description

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages13 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 10.9.3+1

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes for Windows 12.10.5

▶NVDapple/icloud< 10.9.3

▶CVEListV5apple/tvosunspecified — tvOS 13.4

▶NVDapple/tvos< 13.4

🔴Vulnerability Details

GHSA

GHSA-x64x-rrww-g377: A buffer overflow was addressed with improved size validation↗2022-05-24

▶

CVEList

CVE-2020-3910: A buffer overflow was addressed with improved size validation↗2020-04-01

▶