Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-9856Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Macos

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
18.9%
top 4.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple MacosApple MAC OS X
Timeline
PublishedJun 9
Latest updateMay 24

Description

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5apple/macosunspecifiedmacOS Catalina 10.15.5
NVDapple/mac_os_x10.1310.13.6+4

🔴Vulnerability Details

1
GHSA
GHSA-g92g-c8h9-p2rw: This issue was addressed with improved checks2022-05-24

💥Exploits & PoCs

1
Metasploit
Safari in Operator Side Effect Exploit
CVE-2020-9856 — Apple Macos vulnerability | cvebase