CVE-2020-9849
Published: 8 December 2020
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.
Notes
| Author | Note |
|---|---|
| mdeslaur | This may be an Apple-specific CVE, as of 2022-09-14, no details are available as to what the vulnerability is. Marking Ubuntu as not-affected. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
sqlite Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(apple specific)
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Not vulnerable
(apple specific)
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Not vulnerable
(apple specific)
|
|
| kinetic |
Not vulnerable
(apple specific)
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Not vulnerable
(apple specific)
|
|
| upstream |
Needs triage
|
|
| xenial |
Deferred
|
|
|
sqlite3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(apple specific)
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Not vulnerable
(apple specific)
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Not vulnerable
(apple specific)
|
|
| kinetic |
Not vulnerable
(apple specific)
|
|
| lunar |
Not vulnerable
(apple specific)
|
|
| mantic |
Not vulnerable
(apple specific)
|
|
| trusty |
Not vulnerable
(apple specific)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(apple specific)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |