Home > Vulnerability Database > CVE-2020-3846

Mend.io Vulnerability Database

CVE-2020-3846

Good to know:

Date: February 27, 2020

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Language: C

Severity Score

8.8

Related Resources (4)

Url: https://support.apple.com/HT210948

Url: https://support.apple.com/HT210947

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-3846

Url: https://www.mend.io/vulnerability-database/CVE-2020-3846

Severity Score

8.8

Weakness Type (CWE)

XML Injection (aka Blind XPath Injection)

CWE-91

Top Fix

Upgrade Version

Upgrade to version v2.9.11

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-3846

Good to know:

Date: February 27, 2020

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?