8.8
CVE-2020-9983
- EPSS 2%
- Veröffentlicht 16.10.2020 17:15:18
- Zuletzt bearbeitet 21.11.2024 05:41:38
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2% | 0.781 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
http://seclists.org/fulldisclosure/2020/Nov/20
https://support.apple.com/kb/HT211850
http://seclists.org/fulldisclosure/2020/Nov/19
http://seclists.org/fulldisclosure/2020/Nov/22
https://support.apple.com/kb/HT211843
https://support.apple.com/kb/HT211844
https://support.apple.com/kb/HT211935
https://support.apple.com/kb/HT211952
http://seclists.org/fulldisclosure/2020/Nov/18
http://www.openwall.com/lists/oss-security/2020/11/23/3
https://security.gentoo.org/glsa/202012-10
https://support.apple.com/HT211845
https://www.debian.org/security/2020/dsa-4797
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/