CVE-2020-3837

Published: 27/02/2020 Updated: 21/07/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

Vulnerable Product

apple iphone os

apple ipados

apple tvos

apple watchos

apple mac os x

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1 iOS 13.3.1 and iPadOS 13.3.1 are now available and address the following: Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary co ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-1-28-3 watchOS 6.1.2 watchOS 6.1.2 is now available and addresses the following: AnnotationKit Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-1-28-4 tvOS 13.3.1 tvOS 13.3.1 is now available and addresses the following: Audio Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory h ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and Security Update 2020-001 High Sierra are now available and address the following: AnnotationKit Available for: macOS Catali ...

Github Repositories

Extreme Vulnerable IOKit driver

ExtremeVulnerableDriver: This is an XNU (IOKit) kernel extension inspired by the hacksysteam/HackSysExtremeVulnerableDriver, written by me (TrungNguyen1909). ExtremeVulnerableDriver is an intentionally vulnerable XNU driver developed for security enthusiasts to learn and polish their exploitation skills at kernel level. Types of vulnerabilities: Stack buffer overflow (based on matesC

iOS 12.0-13.3 tfp0

time_waste: iOS 12.0-13.3 tfp0 for all devices (in theory) using heap overflow bug by Brandon Azad (CVE-2020-3837) and cuck00 info leak by Siguza (will probably remove in the future). Exploitation is mostly the same as oob_timestamp with a few differences. The main difference is that this one does not rely on hardcoded addresses and thus should be more reliable. The rest of the