CVE-2020-9983

HIGH

iCloud - Out-of-bounds Write via Maliciously Crafted Web Content

Title source: llm
STIX 2.1

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.

References (15)

Core 15
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211843
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211850
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211844
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/HT211845
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211952
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/18
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/22
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/11/23/3
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4797
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT211935
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202012-10

Scores

CVSS v3 8.8
EPSS 0.0200
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (9)
apple/icloud 11.5
apple/ipados < 14.0
apple/iphone_os < 14.0
apple/itunes 12.10.9
apple/safari < 14.0
apple/tvos 14.0
apple/watchos 7.0
fedoraproject/fedora 32
fedoraproject/fedora 33
Published Oct 16, 2020
Tracked Since Feb 18, 2026