Vulnerability Description
An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 13.3.1 |
| Apple | Iphone Os | < 13.3.1 |
| Apple | Mac Os X | < 10.15.3 |
| Apple | Tvos | < 13.3.1 |
Related Weaknesses (CWE)
References
- https://support.apple.com/HT210918Release NotesVendor Advisory
- https://support.apple.com/HT210919Release NotesVendor Advisory
- https://support.apple.com/HT210920Release NotesVendor Advisory
- https://support.apple.com/HT210918Release NotesVendor Advisory
- https://support.apple.com/HT210919Release NotesVendor Advisory
- https://support.apple.com/HT210920Release NotesVendor Advisory
FAQ
What is CVE-2020-3840?
CVE-2020-3840 is a vulnerability with a CVSS score of 7.8 (HIGH). An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalin...
How severe is CVE-2020-3840?
CVE-2020-3840 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3840?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Mac Os X, Apple Tvos.