Vulnerability-Lookup

CVE-2020-13524 (GCVE-0-2020-13524)

Vulnerability from cvelistv5 – Published: 2020-12-03 17:03 – Updated: 2024-08-04 12:18

Summary

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

talos

References

URL

Tags

	https://talosintelligence.com/vulnerability_repor…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2020/Dec/32	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2020/Dec/26	mailing-listx_refsource_FULLDISC
	https://support.apple.com/kb/HT212011	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Pixar	Affected: Pixar OpenUSD 20.05 , Apple macOS Catalina 10.15.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:18:18.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pixar",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Pixar OpenUSD 20.05 , Apple macOS Catalina 10.15.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T15:13:38.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2020-13524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pixar",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Pixar OpenUSD 20.05 , Apple macOS Catalina 10.15.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
            },
            {
              "name": "https://support.apple.com/kb/HT212011",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-13524",
    "datePublished": "2020-12-03T17:03:20.000Z",
    "dateReserved": "2020-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:18:18.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2020-13524

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-13524

Aliases

CVE-2020-13524

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-13524",
    "description": "An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.",
    "id": "GSD-2020-13524"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-13524"
      ],
      "details": "An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.",
      "id": "GSD-2020-13524",
      "modified": "2023-12-13T01:21:47.469178Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2020-13524",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Pixar",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Pixar OpenUSD 20.05 , Apple macOS Catalina 10.15.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 6.3,
          "baseSeverity": "Medium",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
          },
          {
            "name": "https://support.apple.com/kb/HT212011",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212011"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14.6",
                "versionStartIncluding": "10.14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2020-13524"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"
            },
            {
              "name": "https://support.apple.com/kb/HT212011",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212011"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-07T18:36Z",
      "publishedDate": "2020-12-03T18:15Z"
    }
  }
}

FKIE_CVE-2020-13524

Vulnerability from fkie_nvd - Published: 2020-12-03 18:15 - Updated: 2024-11-21 05:01

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
talos-cna@cisco.com	http://seclists.org/fulldisclosure/2020/Dec/26	Mailing List, Third Party Advisory
talos-cna@cisco.com	http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List, Third Party Advisory
talos-cna@cisco.com	https://support.apple.com/kb/HT212011	Third Party Advisory
talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Dec/26	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212011	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
pixar	openusd	20.05
apple	mac_os_x	*
apple	mac_os_x	*
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.15.7
apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "2989B344-FD33-4F80-9204-4A85CC59CF90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E76BECE-0843-4B9F-90DE-7690764701B0",
              "versionEndExcluding": "10.14.6",
              "versionStartIncluding": "10.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
              "versionEndExcluding": "10.15.7",
              "versionStartIncluding": "10.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
              "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
              "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
              "matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
              "matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
              "matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
              "matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
              "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
              "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
              "matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
              "matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
              "matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
              "matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
              "matchCriteriaId": "2C88BD98-46F5-447F-963A-FB9B167E31BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
              "matchCriteriaId": "C7A0615B-D958-4BBF-B53F-AA839A0FE845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
              "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DA669D-2EF4-43FE-91C5-982BB4377178",
              "versionEndExcluding": "11.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de corrupci\u00f3n de memoria fuera de l\u00edmites en la forma en que Pixar OpenUSD versi\u00f3n 20.05, usa datos SPECS de archivos binarios USD. Un archivo malformado especialmente dise\u00f1ado puede desencadenar un acceso a la memoria fuera de l\u00edmites y una modificaci\u00f3n que resulta en una corrupci\u00f3n de memoria. Para activar esta vulnerabilidad, la v\u00edctima necesita acceder a un archivo malformado proporcionado por el atacante"
    }
  ],
  "id": "CVE-2020-13524",
  "lastModified": "2024-11-21T05:01:25.503",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-03T18:15:10.690",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212011"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "talos-cna@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2020-AVI-717

Vulnerability from certfr_avis - Published: 2020-11-06 - Updated: 2023-12-20

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iPadOS versions 14.x antérieures à 14.2
Apple	macOS	Apple macOS Catalina versions antérieures à 10.15.7
Apple	N/A	Apple tvOS versions 14.x antérieures à 14.2
Apple	N/A	Apple watchOS versions 7.x antérieures à 7.1
Apple	N/A	Apple watchOS versions 5.x antérieures à 5.3.9
Apple	N/A	Apple watchOS versions 6.x antérieures à 6.2.9
Apple	N/A	Apple iOS versions 14.x antérieures à 14.2
Apple	N/A	Apple iOS versions 12.x antérieures à 12.4.9

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211945 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211930 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211947 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211944 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211929 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211940 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211928 du 05 novembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iPadOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Catalina versions ant\u00e9rieures \u00e0 10.15.7",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 7.x ant\u00e9rieures \u00e0 7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 5.x ant\u00e9rieures \u00e0 5.3.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 6.x ant\u00e9rieures \u00e0 6.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions 12.x ant\u00e9rieures \u00e0 12.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10011"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10016"
    },
    {
      "name": "CVE-2020-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9974"
    },
    {
      "name": "CVE-2020-27909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27909"
    },
    {
      "name": "CVE-2020-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10003"
    },
    {
      "name": "CVE-2020-27950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-27925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27925"
    },
    {
      "name": "CVE-2020-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-27930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"
    },
    {
      "name": "CVE-2020-27926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27926"
    },
    {
      "name": "CVE-2020-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10004"
    },
    {
      "name": "CVE-2020-13524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13524"
    },
    {
      "name": "CVE-2020-27902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27902"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-27929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27929"
    },
    {
      "name": "CVE-2020-27905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27905"
    },
    {
      "name": "CVE-2020-27916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27916"
    },
    {
      "name": "CVE-2020-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10017"
    },
    {
      "name": "CVE-2020-27910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27910"
    },
    {
      "name": "CVE-2020-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10010"
    },
    {
      "name": "CVE-2020-27927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27927"
    }
  ],
  "initial_release_date": "2020-11-06T00:00:00",
  "last_revision_date": "2023-12-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-717",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-06T00:00:00.000000"
    },
    {
      "description": "Correction coquille.",
      "revision_date": "2023-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211945 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211945"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211930 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211947 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211947"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211944 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211944"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211929 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211929"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211940 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211940"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211928 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211928"
    }
  ]
}

CERTFR-2020-AVI-747

Vulnerability from certfr_avis - Published: 2020-11-13 - Updated: 2020-11-13

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS High Sierra versions 10.13.x versions antérieures à 10.13.6
Apple	Safari	Safari versions antérieures à 14.0.1
Apple	macOS	macOS Mojave versions 10.14.x versions antérieures à 10.14.6
Apple	macOS	macOS Big Sur versions 11.0.x versions antérieures à 11.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211934 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211946 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211931 du 12 novembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS High Sierra versions 10.13.x versions ant\u00e9rieures \u00e0 10.13.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions 10.14.x versions ant\u00e9rieures \u00e0 10.14.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.0.x versions ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27903"
    },
    {
      "name": "CVE-2020-9977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9977"
    },
    {
      "name": "CVE-2020-9945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9945"
    },
    {
      "name": "CVE-2020-9991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9991"
    },
    {
      "name": "CVE-2020-9941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9941"
    },
    {
      "name": "CVE-2020-9963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9963"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2020-27894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27894"
    },
    {
      "name": "CVE-2020-9883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9883"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-9944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9944"
    },
    {
      "name": "CVE-2020-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10016"
    },
    {
      "name": "CVE-2020-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9974"
    },
    {
      "name": "CVE-2020-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10003"
    },
    {
      "name": "CVE-2020-27906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27906"
    },
    {
      "name": "CVE-2020-27950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-9988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9988"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2020-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10009"
    },
    {
      "name": "CVE-2020-9849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9849"
    },
    {
      "name": "CVE-2020-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-9996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9996"
    },
    {
      "name": "CVE-2019-14899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
    },
    {
      "name": "CVE-2020-27930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"
    },
    {
      "name": "CVE-2020-9876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9876"
    },
    {
      "name": "CVE-2020-9999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9999"
    },
    {
      "name": "CVE-2020-10014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10014"
    },
    {
      "name": "CVE-2020-9949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9949"
    },
    {
      "name": "CVE-2020-10006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10006"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2020-9942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9942"
    },
    {
      "name": "CVE-2020-10007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10007"
    },
    {
      "name": "CVE-2020-10663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10663"
    },
    {
      "name": "CVE-2020-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10004"
    },
    {
      "name": "CVE-2020-9966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9966"
    },
    {
      "name": "CVE-2020-9965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9965"
    },
    {
      "name": "CVE-2020-13524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13524"
    },
    {
      "name": "CVE-2020-9969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9969"
    },
    {
      "name": "CVE-2020-27900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27900"
    },
    {
      "name": "CVE-2020-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10012"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2020-9989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9989"
    },
    {
      "name": "CVE-2020-27896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27896"
    },
    {
      "name": "CVE-2020-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
    },
    {
      "name": "CVE-2020-27898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27898"
    },
    {
      "name": "CVE-2020-27916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27916"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2020-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10017"
    },
    {
      "name": "CVE-2020-27910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27910"
    },
    {
      "name": "CVE-2020-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10010"
    },
    {
      "name": "CVE-2020-9943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9943"
    },
    {
      "name": "CVE-2020-27927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27927"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    }
  ],
  "initial_release_date": "2020-11-13T00:00:00",
  "last_revision_date": "2020-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-747",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211934 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211934"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211946 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211946"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211931 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211931"
    }
  ]
}

GHSA-8F9R-9957-FJ34

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-13524"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-03T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.",
  "id": "GHSA-8f9r-9957-fj34",
  "modified": "2022-05-24T17:35:06Z",
  "published": "2022-05-24T17:35:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13524"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212011"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-13524 (GCVE-0-2020-13524)

GSD-2020-13524

FKIE_CVE-2020-13524

CERTFR-2020-AVI-717

Solution

CERTFR-2020-AVI-747

Solution

GHSA-8F9R-9957-FJ34

Tags

Sightings

Nomenclature