Home > Vulnerability Database > CVE-2020-3846

Mend.io Vulnerability Database

CVE-2020-3846

Good to know:

Date: February 27, 2020

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Language: C

Severity Score

6.8

Related Resources (4)

Url: https://support.apple.com/HT210948

Url: https://support.apple.com/HT210947

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-3846

Url: https://www.mend.io/vulnerability-database/CVE-2020-3846

Severity Score

6.8

Weakness Type (CWE)

XML Injection (aka Blind XPath Injection)

CWE-91

Top Fix

Upgrade Version

Upgrade to version v2.9.11

Learn More

CVSS v3

Base Score:	6.8
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	5.3
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-3846

Good to know:

Date: February 27, 2020

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?