{"containers": {"cna": {"affected": [{"product": "Safari", "vendor": "Apple", "versions": [{"lessThan": "Safari 14.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-23T21:06:27", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211843"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211850"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211844"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211845"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211952"}, {"name": "20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Nov/18"}, {"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Nov/19"}, {"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Nov/20"}, {"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Nov/22"}, {"name": "[oss-security] 20201123 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/11/23/3"}, {"name": "DSA-4797", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4797"}, {"name": "FEDORA-2020-145877bcd3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211935"}, {"name": "FEDORA-2020-e8a7566e80", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"}, {"name": "GLSA-202012-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202012-10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-9983", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Safari", "version": {"version_data": [{"version_affected": "<", "version_value": "Safari 14.0"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/kb/HT211843", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211843"}, {"name": "https://support.apple.com/kb/HT211850", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211850"}, {"name": "https://support.apple.com/kb/HT211844", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211844"}, {"name": "https://support.apple.com/HT211845", "refsource": "MISC", "url": "https://support.apple.com/HT211845"}, {"name": "https://support.apple.com/kb/HT211952", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211952"}, {"name": "20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Nov/18"}, {"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Nov/19"}, {"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Nov/20"}, {"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Nov/22"}, {"name": "[oss-security] 20201123 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/11/23/3"}, {"name": "DSA-4797", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4797"}, {"name": "FEDORA-2020-145877bcd3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/"}, {"name": "https://support.apple.com/kb/HT211935", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211935"}, {"name": "FEDORA-2020-e8a7566e80", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"}, {"name": "GLSA-202012-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-10"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:50:57.422Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211843"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211850"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211844"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211845"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211952"}, {"name": "20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Nov/18"}, {"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Nov/19"}, {"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Nov/20"}, {"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Nov/22"}, {"name": "[oss-security] 20201123 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/11/23/3"}, {"name": "DSA-4797", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4797"}, {"name": "FEDORA-2020-145877bcd3", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211935"}, {"name": "FEDORA-2020-e8a7566e80", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"}, {"name": "GLSA-202012-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202012-10"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-9983", "datePublished": "2020-10-16T16:56:13", "dateReserved": "2020-03-02T00:00:00", "dateUpdated": "2024-08-04T10:50:57.422Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "474ABB67-779A-4B9D-93AB-B872DE9E7C37", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:12.10.9:*:*:*:*:windows:*:*", "matchCriteriaId": "1D93E5A9-7BA4-481C-93C3-711947F581BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DE1F811-8D4C-4C36-82DB-FE761C07FD0B", "versionEndExcluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "10CC9ED4-9AE1-415A-94FF-60CB209506CA", "versionEndExcluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF", "versionEndExcluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "13D32210-7DF0-44D5-8FAE-99A22F5BD1C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "165146A0-4F5E-42D0-95EF-64154D429C3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution."}, {"lang": "es", "value": "Se abord\u00f3 un problema de escritura fuera de l\u00edmites con una comprobaci\u00f3n de l\u00edmites mejorada. Este problema es corregido en Safari versi\u00f3n 14.0. El procesamiento de contenido web creado maliciosamente puede conllevar la ejecuci\u00f3n de c\u00f3digo"}], "id": "CVE-2020-9983", "lastModified": "2024-11-21T05:41:38.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-16T17:15:18.370", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Nov/18"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Nov/19"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Nov/20"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Nov/22"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/11/23/3"}, {"source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"}, {"source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-10"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211845"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211843"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211844"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211850"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211935"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211952"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Nov/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Nov/19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Nov/20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Nov/22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/11/23/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211843"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT211952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4797"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1586", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.30.4-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: out-of-bounds write may lead to code execution", "id": "1901221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901221"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution."], "name": "CVE-2020-9983", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-11-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-9983\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9983"], "threat_severity": "Moderate"}