CVE-2020-9794
Published: 9 June 2020
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.
Notes
Author | Note |
---|---|
mdeslaur | This may be an Apple-specific CVE, as of 2022-09-14, no details are available as to what the vulnerability is. Marking Ubuntu as not-affected. |
Priority
Status
Package | Release | Status |
---|---|---|
sqlite Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(apple specific)
|
eoan |
Ignored
(end of life)
|
|
focal |
Not vulnerable
(apple specific)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Not vulnerable
(apple specific)
|
|
kinetic |
Not vulnerable
(apple specific)
|
|
lunar |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Not vulnerable
(apple specific)
|
|
upstream |
Needs triage
|
|
xenial |
Deferred
|
|
sqlite3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(apple specific)
|
eoan |
Ignored
(end of life)
|
|
focal |
Not vulnerable
(apple specific)
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Not vulnerable
(apple specific)
|
|
kinetic |
Not vulnerable
(apple specific)
|
|
lunar |
Not vulnerable
(apple specific)
|
|
mantic |
Not vulnerable
(apple specific)
|
|
trusty |
Not vulnerable
(apple specific)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(apple specific)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |