CVE-2020-9983

Published Oct 16, 2020

Last updated a year ago

CVSS high 8.8

Overview

Description: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:icloud:11.5:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "474ABB67-779A-4B9D-93AB-B872DE9E7C37"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:12.10.9:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D93E5A9-7BA4-481C-93C3-711947F581BD"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DE1F811-8D4C-4C36-82DB-FE761C07FD0B",
            "versionEndExcluding": "14.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10CC9ED4-9AE1-415A-94FF-60CB209506CA",
            "versionEndExcluding": "14.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF",
            "versionEndExcluding": "14.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13D32210-7DF0-44D5-8FAE-99A22F5BD1C3"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "165146A0-4F5E-42D0-95EF-64154D429C3F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References