ByteOS Network

Vulnerability Details :

CVE-2020-3910

Assigner-apple

Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c

Published At-01 Apr, 2020 | 17:54

Updated At-04 Aug, 2024 | 07:52

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:apple

Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c

Published At:01 Apr, 2020 | 17:54

Updated At:04 Aug, 2024 | 07:52

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Apple Inc.

Product

iOS

Versions

Affected

From unspecified before iOS 13.4 and iPadOS 13.4 (custom)

Vendor

Apple Inc.

Product

macOS

Versions

Affected

From unspecified before macOS Catalina 10.15.4 (custom)

Vendor

Apple Inc.

Product

tvOS

Versions

Affected

From unspecified before tvOS 13.4 (custom)

Vendor

Apple Inc.

Product

watchOS

Versions

Affected

From unspecified before watchOS 6.2 (custom)

Vendor

Apple Inc.

Product

iTunes for Windows

Versions

Affected

From unspecified before iTunes for Windows 12.10.5 (custom)

Vendor

Apple Inc.

Product

iCloud for Windows

Versions

Affected

From unspecified before iCloud for Windows 10.9.3 (custom)

Vendor

Apple Inc.

Product

iCloud for Windows (Legacy)

Versions

Affected

From unspecified before iCloud for Windows 7.18 (custom)

Problem Types

Type	CWE ID	Description
text	N/A	Multiple issues in libxml2

Type: text

CWE ID: N/A

Description: Multiple issues in libxml2

References

Hyperlink	Resource
https://support.apple.com/HT211100	x_refsource_MISC
https://support.apple.com/HT211102	x_refsource_MISC
https://support.apple.com/HT211101	x_refsource_MISC
https://support.apple.com/HT211103	x_refsource_MISC
https://support.apple.com/HT211105	x_refsource_MISC
https://support.apple.com/HT211106	x_refsource_MISC
https://support.apple.com/HT211107	x_refsource_MISC

Hyperlink: https://support.apple.com/HT211100

Resource:

x_refsource_MISC

Hyperlink: https://support.apple.com/HT211102

Resource:

x_refsource_MISC

Hyperlink: https://support.apple.com/HT211101

Resource:

x_refsource_MISC

Hyperlink: https://support.apple.com/HT211103

Resource:

x_refsource_MISC

Hyperlink: https://support.apple.com/HT211105

Resource:

x_refsource_MISC

Hyperlink: https://support.apple.com/HT211106

Resource:

x_refsource_MISC

Hyperlink: https://support.apple.com/HT211107

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://support.apple.com/HT211100	x_refsource_MISC x_transferred
https://support.apple.com/HT211102	x_refsource_MISC x_transferred
https://support.apple.com/HT211101	x_refsource_MISC x_transferred
https://support.apple.com/HT211103	x_refsource_MISC x_transferred
https://support.apple.com/HT211105	x_refsource_MISC x_transferred
https://support.apple.com/HT211106	x_refsource_MISC x_transferred
https://support.apple.com/HT211107	x_refsource_MISC x_transferred

Hyperlink: https://support.apple.com/HT211100

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://support.apple.com/HT211102

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://support.apple.com/HT211101

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://support.apple.com/HT211103

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://support.apple.com/HT211105

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://support.apple.com/HT211106

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://support.apple.com/HT211107

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@apple.com

Published At:01 Apr, 2020 | 18:15

Updated At:02 Apr, 2020 | 19:38

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Apple Inc.

>>icloud>>Versions before 10.9.3(exclusive)

cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*

Apple Inc.

>>itunes>>Versions before 12.10.5(exclusive)

cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*

Apple Inc.

>>ipados>>Versions before 13.4(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions before 13.4(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>mac_os_x>>Versions before 10.15.4(exclusive)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Apple Inc.

>>tvos>>Versions before 13.4(exclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Apple Inc.

>>watchos>>Versions before 6.2(exclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov

CWE ID: CWE-120

Type: Primary

Source: nvd@nist.gov