Lucene search

[email protected]NVD:CVE-2020-36521

HistorySep 23, 2022 - 7:15 p.m.

CVE-2020-36521

2022-09-2319:15:10

CWE-125

[email protected]

web.nvd.nist.gov

cve-2020-36521

icloud for windows

ios 14.0

ipados 14.0

watchos 7.0

tvos 14.0

itunes for windows

memory disclosure

denial-of-service

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

49.5%

JSON

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

Affected configurations

NVD

Node

appleicloudRange<7.21windows

appleicloudRange11.0–11.4windows

appleitunesRange<12.10.9windows

appleipadosRange<14.0

appleiphone_osRange<14.0

applemacosRange<10.15.7

appletvosRange<14.0

applewatchosRange<7.0

References

support.apple.com/en-us/HT211843

support.apple.com/en-us/HT211844

support.apple.com/en-us/HT211846

support.apple.com/en-us/HT211847

support.apple.com/en-us/HT211850

support.apple.com/en-us/HT211952

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

49.5%

JSON

Related for NVD:CVE-2020-36521

cve1 prion1 cvelist1 kaspersky3 apple6 openvas1