CVE-2020-27926

Опубликовано: 08 дек. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Ссылки

http://seclists.org/fulldisclosure/2020/Dec/26
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT211929
Vendor Advisory
https://support.apple.com/kb/HT212011
Vendor Advisory
http://seclists.org/fulldisclosure/2020/Dec/26
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT211929
Vendor Advisory
https://support.apple.com/kb/HT212011
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 14.2 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 14.2 (исключая)

EPSS

Процентиль: 64%

0.00477

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-p532-pqr4-xw4g

github

больше 3 лет назад