CVE-2020-9983
HIGHiCloud - Out-of-bounds Write via Maliciously Crafted Web Content
Title source: llmDescription
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
References (15)
Core 15
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211843
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211850
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211844
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/HT211845
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211952
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/18
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/22
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/11/23/3
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2020/dsa-4797
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211935
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202012-10
Scores
CVSS v3
8.8
EPSS
0.0200
EPSS Percentile
78.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (9)
apple/icloud
11.5
apple/ipados
< 14.0
apple/iphone_os
< 14.0
apple/itunes
12.10.9
apple/safari
< 14.0
apple/tvos
14.0
apple/watchos
7.0
fedoraproject/fedora
32
fedoraproject/fedora
33
Published
Oct 16, 2020
Tracked Since
Feb 18, 2026