CVE-2020-9932

Опубликовано: 27 окт. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution.

Ссылки

https://support.apple.com/en-us/HT210603
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT210604
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT210605
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT210603
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT210604
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT210605
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Версия до 13.0.1 (исключая)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 13.1 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 13.1 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 13.0 (исключая)

EPSS

Процентиль: 75%

0.00874

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-w848-4qq3-q4r3

github

больше 3 лет назад