cbcvebase.
CVE-2020-9895
published 2020-10-16

CVE-2020-9895: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Affected

21 ranges
VendorProductVersion rangeFixed in
appleicloud< 7.207.20
appleicloud>= 11.0 < 11.311.3
appleicloud_for_windows>= unspecified < iCloud for Windows 11.3iCloud for Windows 11.3
appleicloud_for_windows>= unspecified < iCloud for Windows 7.20iCloud for Windows 7.20
appleios>= unspecified < iOS 13.6 and iPadOS 13.6iOS 13.6 and iPadOS 13.6
appleios_13.6_and_ipados
appleipados< 13.613.6
appleiphone_os< 13.613.6
appleitunes< 12.10.812.10.8
appleitunes_for_windows>= unspecified < iTunes 12.10.8 for WindowsiTunes 12.10.8 for Windows
applesafari< 13.1.213.1.2
applesafari
applesafari>= unspecified < Safari 13.1.2Safari 13.1.2
appletvos< 13.4.813.4.8
appletvos
appletvos>= unspecified < tvOS 13.4.8tvOS 13.4.8
applewatchos< 6.2.86.2.8
applewatchos
applewatchos>= unspecified < watchOS 6.2.8watchOS 6.2.8
debianwebkit2gtk< webkit2gtk 2.28.4-1 (bookworm)webkit2gtk 2.28.4-1 (bookworm)
debianwpewebkit< webkit2gtk 2.28.4-1 (bookworm)webkit2gtk 2.28.4-1 (bookworm)

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL