CVE-2020-3909
high-risk
Published 2020-04-01
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
Do I need to act?
~
2.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (8)
References (16)
Vendor Advisory
https://support.apple.com/HT211100
Vendor Advisory
https://support.apple.com/HT211101
Vendor Advisory
https://support.apple.com/HT211102
Vendor Advisory
https://support.apple.com/HT211103
Vendor Advisory
https://support.apple.com/HT211105
Vendor Advisory
https://support.apple.com/HT211106
Vendor Advisory
https://support.apple.com/HT211107
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Vendor Advisory
https://support.apple.com/HT211100
Vendor Advisory
https://support.apple.com/HT211101
Vendor Advisory
https://support.apple.com/HT211102
Vendor Advisory
https://support.apple.com/HT211103
Vendor Advisory
https://support.apple.com/HT211105
Vendor Advisory
https://support.apple.com/HT211106
Vendor Advisory
https://support.apple.com/HT211107
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
52
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
6/34 · Minimal
Exposure
14/34 · Moderate