Apple iOS/iPadOS up to 13.4.1 SQLite out-of-bounds read


A vulnerability classified as critical was found in Apple iOS and iPadOS up to 13.4.1 (Smartphone Operating System). It affects unknown code in the SQLite component. Upgrading to version 13.5 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 05/30/2020 12:53 AM | 05/30/2020 12:58 AM | 10/20/2020 09:44 AM |
|---|---|---|---|
| vendor | Apple | Apple | Apple |
| name | iOS/iPadOS | iOS/iPadOS | iOS/iPadOS |
| version | <=13.4.1 | <=13.4.1 | <=13.4.1 |
| component | SQLite | SQLite | SQLite |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 4.1 | 4.1 | 4.1 |
| cvss2_vuldb_tempscore | 3.6 | 3.6 | 3.6 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 6.7 | 6.7 | 6.7 |
| cvss3_meta_tempscore | 6.4 | 6.4 | 6.4 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| advisoryquote | An out-of-bounds read was addressed with improved bounds checking. | An out-of-bounds read was addressed with improved bounds checking. | An out-of-bounds read was addressed with improved bounds checking. |
| date | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://support.apple.com/en-us/HT211168 | https://support.apple.com/en-us/HT211168 | https://support.apple.com/en-us/HT211168 |
| identifier | HT211168 | HT211168 | HT211168 |
| disputed | 0 | 0 | 0 |
| price_0day | $25k-$100k | $25k-$100k | $25k-$100k |
| price_trend | + | + | + |
| name | Upgrade | Upgrade | Upgrade |
| date | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) |
| upgrade_version | 13.5 | 13.5 | 13.5 |
| cve | CVE-2020-9794 | CVE-2020-9794 | CVE-2020-9794 |
| seealso | 155694 155727 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155756 155757 155758 155759 155760 155761 155762 155765 155766 155767 | 155694 155727 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155756 155757 155758 155759 155760 155761 155762 155765 155766 155767 | 155694 155727 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155756 155757 155758 155759 155760 155761 155762 155765 155766 155767 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_nvd_basescore | 8.1 | 8.1 | 8.1 |
| type | | Smartphone Operating System | Smartphone Operating System |
| cwe | 0 | 125 (information disclosure) | 125 (information disclosure) |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | M | M |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | P | P |
| cvss2_nvd_ii | | N | N |
| cvss2_nvd_ai | | P | P |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | R | R |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | H | H |
| cvss3_nvd_i | | N | N |
| cvss3_nvd_a | | H | H |
| cve_assigned | | | 1583103600 |
| cve_nvd_summary | | | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents. |
