⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-9819

CWE-787Out-of-bounds WriteCWE-119Buffer Overflow6 documents6 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 38.49%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
6
Apple IOSApple Ios-1Apple Watchos+3 more
Timeline
PublishedJun 9
KEV addedNov 3
KEV dueMay 3
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

CVEListV5apple/watchosunspecifiedwatchOS 6.2.5
NVDapple/watchos6.0.06.2.5+1
CVEListV5apple/watchos-1unspecifiedwatchOS 5.3.7
NVDapple/ipados< 13.5
CVEListV5apple/iosunspecifiediOS 13.5 and iPadOS 13.5

🔴Vulnerability Details

3
GHSA
GHSA-x45r-8w3c-gwgc: A memory consumption issue was addressed with improved memory handling2022-05-24
CVEList
CVE-2020-9819: A memory consumption issue was addressed with improved memory handling2020-06-09
VulnCheck
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability2020

📋Vendor Advisories

1
CISA
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability2021-11-03