CVE-2020-9852Integer Overflow or Wraparound in Apple Macos

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 32.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple IOSApple MacosApple Tvos+4 more
Timeline
PublishedJun 9
Latest updateMay 24

Description

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5apple/tvosunspecifiedtvOS 13.4.5
NVDapple/tvos< 13.4.5
CVEListV5apple/macosunspecifiedmacOS Catalina 10.15.5
NVDapple/ipados< 13.5
CVEListV5apple/watchosunspecifiedwatchOS 6.2.5

🔴Vulnerability Details

2
GHSA
GHSA-x87m-w3x6-cv64: An integer overflow was addressed through improved input validation2022-05-24
CVEList
CVE-2020-9852: An integer overflow was addressed through improved input validation2020-06-09
CVE-2020-9852 — Integer Overflow or Wraparound in Apple | cvebase