CVE-2020-9819 - Vulnerability Details - OpenCVE

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://support.apple.com/HT211168
https://support.apple.com/HT211169
https://support.apple.com/HT211175
https://support.apple.com/HT211176

History

Wed, 29 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2020-06-09T16:12:28.000Z

Updated: 2025-01-29T17:39:28.491Z

Reserved: 2020-03-02T00:00:00.000Z

Link: CVE-2020-9819

Vulnrichment

Updated: 2024-08-04T10:43:05.138Z

NVD

Status : Analyzed

Published: 2020-06-09T17:15:13.377

Modified: 2025-02-28T14:44:48.713

Link: CVE-2020-9819

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "iOS 13.5 and iPadOS 13.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS-1", "vendor": "Apple", "versions": [{"lessThan": "iOS 12.4.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "watchOS 6.2.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS-1", "vendor": "Apple", "versions": [{"lessThan": "watchOS 5.3.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption."}], "problemTypes": [{"descriptions": [{"description": "Processing a maliciously crafted mail message may lead to heap corruption", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-16T16:18:04.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211168"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211175"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211169"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211176"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-9819", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "iOS 13.5 and iPadOS 13.5"}]}}, {"product_name": "iOS-1", "version": {"version_data": [{"version_affected": "<", "version_value": "iOS 12.4.7"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "watchOS 6.2.5"}]}}, {"product_name": "watchOS-1", "version": {"version_data": [{"version_affected": "<", "version_value": "watchOS 5.3.7"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing a maliciously crafted mail message may lead to heap corruption"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/HT211168", "refsource": "MISC", "url": "https://support.apple.com/HT211168"}, {"name": "https://support.apple.com/HT211175", "refsource": "MISC", "url": "https://support.apple.com/HT211175"}, {"name": "https://support.apple.com/HT211169", "refsource": "MISC", "url": "https://support.apple.com/HT211169"}, {"name": "https://support.apple.com/HT211176", "refsource": "MISC", "url": "https://support.apple.com/HT211176"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:43:05.138Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211168"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211175"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211169"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211176"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T17:39:25.797873Z", "id": "CVE-2020-9819", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9819"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:39:28.491Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-9819", "datePublished": "2020-06-09T16:12:28.000Z", "dateReserved": "2020-03-02T00:00:00.000Z", "dateUpdated": "2025-01-29T17:39:28.491Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "iOS 13.5 and iPadOS 13.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS-1", "vendor": "Apple", "versions": [{"lessThan": "iOS 12.4.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "watchOS 6.2.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS-1", "vendor": "Apple", "versions": [{"lessThan": "watchOS 5.3.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption."}], "problemTypes": [{"descriptions": [{"description": "Processing a maliciously crafted mail message may lead to heap corruption", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-16T16:18:04.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211168"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211175"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211169"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211176"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-9819", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "iOS 13.5 and iPadOS 13.5"}]}}, {"product_name": "iOS-1", "version": {"version_data": [{"version_affected": "<", "version_value": "iOS 12.4.7"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "watchOS 6.2.5"}]}}, {"product_name": "watchOS-1", "version": {"version_data": [{"version_affected": "<", "version_value": "watchOS 5.3.7"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing a maliciously crafted mail message may lead to heap corruption"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/HT211168", "refsource": "MISC", "url": "https://support.apple.com/HT211168"}, {"name": "https://support.apple.com/HT211175", "refsource": "MISC", "url": "https://support.apple.com/HT211175"}, {"name": "https://support.apple.com/HT211169", "refsource": "MISC", "url": "https://support.apple.com/HT211169"}, {"name": "https://support.apple.com/HT211176", "refsource": "MISC", "url": "https://support.apple.com/HT211176"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:43:05.138Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211168"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211175"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211169"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211176"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-9819", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-29T17:39:25.797873Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9819"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:27:54.602Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-9819", "datePublished": "2020-06-09T16:12:28.000Z", "dateReserved": "2020-03-02T00:00:00.000Z", "dateUpdated": "2025-01-29T17:39:28.491Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "9145C3CB-429B-4FB8-A0AC-B543E9FFF938", "versionEndExcluding": "13.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ACD1157-AD87-4487-897F-009FC3204A2A", "versionEndExcluding": "12.4.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "05AF2126-2012-4A6A-BF40-2870D87C85D8", "versionEndExcluding": "13.5", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC6365F-4E95-46F1-9FFD-E41BC8BFEAAA", "versionEndExcluding": "5.3.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4958B539-A747-4BCC-ACAD-CAA119EF7E64", "versionEndExcluding": "6.2.5", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption."}, {"lang": "es", "value": "Se abord\u00f3 un problema de consumo de memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versi\u00f3n 13.5 y iPadOS versi\u00f3n 13.5, iOS 12.4.7, watchOS versi\u00f3n 6.2.5, watchOS 5.3.7. El procesamiento de un mensaje de correo electr\u00f3nico dise\u00f1ado con fines maliciosos puede conllevar a una corrupci\u00f3n de la pila"}], "id": "CVE-2020-9819", "lastModified": "2025-02-28T14:44:48.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2020-06-09T17:15:13.377", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211168"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211169"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211175"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211175"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211176"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}