CVE-2020-27918
Description
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.234
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in iCloud 11.5 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.10.9 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.9.6 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes 12.10.9 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes 12.9.6 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.10 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes 12.10 | Windows |
| Vulnerabilities CVE-2020-27918,CVE-2020-7463,CVE-2020-9945,CVE-2020-9993 are affected in Apple Safari 14.0 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.10.9 | Mac |
| Vulnerabilities CVE-2020-27918,CVE-2020-9945 are affected in Apple Safari for MAC 14.0 | Mac |
| Vulnerabilities CVE-2020-27918,CVE-2020-9945,CVE-2020-9993 are affected in Apple Safari for MAC 14.0 | Mac |
| Vulnerabilities CVE-2020-27918,CVE-2020-7463,CVE-2020-9945 are affected in Apple Safari for MAC 14.0 | Mac |
| Web content engine library for GTK+ (USN-4894-1) libwebkit2gtk-4.0-37_2.30.6-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libwebkit2gtk-4.0-37_2.30.6-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libwebkit2gtk-4.0-37_2.30.6-0ubuntu0.20.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libwebkit2gtk-4.0-37_2.30.6-0ubuntu0.20.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libwebkit2gtk-4.0-37_2.30.6-0ubuntu0.20.10.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libwebkit2gtk-4.0-37_2.30.6-0ubuntu0.20.10.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libjavascriptcoregtk-4.0-18_2.30.6-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libjavascriptcoregtk-4.0-18_2.30.6-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libjavascriptcoregtk-4.0-18_2.30.6-0ubuntu0.20.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libjavascriptcoregtk-4.0-18_2.30.6-0ubuntu0.20.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libjavascriptcoregtk-4.0-18_2.30.6-0ubuntu0.20.10.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-4894-1) libjavascriptcoregtk-4.0-18_2.30.6-0ubuntu0.20.10.1_amd64.deb | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) libjavascriptcoregtk-4_0-18-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) libjavascriptcoregtk-4_0-18-debuginfo-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk-4_0-37-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk-4_0-37-debuginfo-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk3-lang-2.32.1-2.63.3.noarch.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-WebKit2-4_0-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk-4_0-injected-bundles-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk-4_0-injected-bundles-debuginfo-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2021:1990-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk3-debugsource-2.32.1-2.63.3.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libjavascriptcoregtk-4_0-18-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk-4_0-37-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk3-lang-2.34.3-2.82.1.noarch.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-WebKit2-4_0-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk3-debugsource-2.34.3-2.82.1.x86_64.rpm | Linux |
| LibRaw update (ELSA-2021-4381) LibRaw-0.19.5-3.el8.i686.rpm | Linux |
| LibRaw update (ELSA-2021-4381) LibRaw-0.19.5-3.el8.x86_64.rpm | Linux |
| Accountsservice update (ELSA-2021-4381) accountsservice-0.6.55-2.el8.x86_64.rpm | Linux |
| Accountsservice-libs update (ELSA-2021-4381) accountsservice-libs-0.6.55-2.el8.i686.rpm | Linux |
| Accountsservice-libs update (ELSA-2021-4381) accountsservice-libs-0.6.55-2.el8.x86_64.rpm | Linux |
| Gdm update (ELSA-2021-4381) gdm-40.0-15.el8.i686.rpm | Linux |
| Gdm update (ELSA-2021-4381) gdm-40.0-15.el8.x86_64.rpm | Linux |
| Gnome-autoar update (ELSA-2021-4381) gnome-autoar-0.2.3-2.el8.i686.rpm | Linux |
| Gnome-autoar update (ELSA-2021-4381) gnome-autoar-0.2.3-2.el8.x86_64.rpm | Linux |
| Gnome-calculator update (ELSA-2021-4381) gnome-calculator-3.28.2-2.el8.x86_64.rpm | Linux |
| Gnome-classic-session update (ELSA-2021-4381) gnome-classic-session-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-control-center update (ELSA-2021-4381) gnome-control-center-3.28.2-28.el8.x86_64.rpm | Linux |
| Gnome-control-center-filesystem update (ELSA-2021-4381) gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm | Linux |
| Gnome-online-accounts update (ELSA-2021-4381) gnome-online-accounts-3.28.2-3.el8.i686.rpm | Linux |
| Gnome-online-accounts update (ELSA-2021-4381) gnome-online-accounts-3.28.2-3.el8.x86_64.rpm | Linux |
| Gnome-online-accounts-devel update (ELSA-2021-4381) gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm | Linux |
| Gnome-online-accounts-devel update (ELSA-2021-4381) gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm | Linux |
| Gnome-session update (ELSA-2021-4381) gnome-session-3.28.1-13.0.1.el8.x86_64.rpm | Linux |
| Gnome-session-kiosk-session update (ELSA-2021-4381) gnome-session-kiosk-session-3.28.1-13.0.1.el8.x86_64.rpm | Linux |
| Gnome-session-wayland-session update (ELSA-2021-4381) gnome-session-wayland-session-3.28.1-13.0.1.el8.x86_64.rpm | Linux |
| Gnome-session-xsession update (ELSA-2021-4381) gnome-session-xsession-3.28.1-13.0.1.el8.x86_64.rpm | Linux |
| Gnome-settings-daemon update (ELSA-2021-4381) gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm | Linux |
| Gnome-shell update (ELSA-2021-4381) gnome-shell-3.32.2-40.el8.x86_64.rpm | Linux |
| Gnome-shell-extension-apps-menu update (ELSA-2021-4381) gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-auto-move-windows update (ELSA-2021-4381) gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-common update (ELSA-2021-4381) gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-dash-to-dock update (ELSA-2021-4381) gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-desktop-icons update (ELSA-2021-4381) gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-disable-screenshield update (ELSA-2021-4381) gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-drive-menu update (ELSA-2021-4381) gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-gesture-inhibitor update (ELSA-2021-4381) gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-horizontal-workspaces update (ELSA-2021-4381) gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-launch-new-instance update (ELSA-2021-4381) gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-native-window-placement update (ELSA-2021-4381) gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-no-hot-corner update (ELSA-2021-4381) gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-panel-favorites update (ELSA-2021-4381) gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-places-menu update (ELSA-2021-4381) gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-screenshot-window-sizer update (ELSA-2021-4381) gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-systemMonitor update (ELSA-2021-4381) gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-top-icons update (ELSA-2021-4381) gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-updates-dialog update (ELSA-2021-4381) gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-user-theme update (ELSA-2021-4381) gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-window-grouper update (ELSA-2021-4381) gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-window-list update (ELSA-2021-4381) gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-windowsNavigator update (ELSA-2021-4381) gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-shell-extension-workspace-indicator update (ELSA-2021-4381) gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm | Linux |
| Gnome-software update (ELSA-2021-4381) gnome-software-3.36.1-10.el8.x86_64.rpm | Linux |
| Gsettings-desktop-schemas update (ELSA-2021-4381) gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm | Linux |
| Gsettings-desktop-schemas update (ELSA-2021-4381) gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm | Linux |
| Gsettings-desktop-schemas-devel update (ELSA-2021-4381) gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm | Linux |
| Gsettings-desktop-schemas-devel update (ELSA-2021-4381) gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm | Linux |
| Gtk-update-icon-cache update (ELSA-2021-4381) gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm | Linux |
| Gtk3 update (ELSA-2021-4381) gtk3-3.22.30-8.el8.i686.rpm | Linux |
| Gtk3 update (ELSA-2021-4381) gtk3-3.22.30-8.el8.x86_64.rpm | Linux |
| Gtk3-devel update (ELSA-2021-4381) gtk3-devel-3.22.30-8.el8.i686.rpm | Linux |
| Gtk3-devel update (ELSA-2021-4381) gtk3-devel-3.22.30-8.el8.x86_64.rpm | Linux |
| Gtk3-immodule-xim update (ELSA-2021-4381) gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm | Linux |
| Mutter update (ELSA-2021-4381) mutter-3.32.2-60.el8.i686.rpm | Linux |
| Mutter update (ELSA-2021-4381) mutter-3.32.2-60.el8.x86_64.rpm | Linux |
| Vino update (ELSA-2021-4381) vino-3.22.0-11.el8.x86_64.rpm | Linux |
| Webkit2gtk3 update (ELSA-2021-4381) webkit2gtk3-2.32.3-2.el8.i686.rpm | Linux |
| Webkit2gtk3 update (ELSA-2021-4381) webkit2gtk3-2.32.3-2.el8.x86_64.rpm | Linux |
| Webkit2gtk3-devel update (ELSA-2021-4381) webkit2gtk3-devel-2.32.3-2.el8.i686.rpm | Linux |
| Webkit2gtk3-devel update (ELSA-2021-4381) webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm | Linux |
| Webkit2gtk3-jsc update (ELSA-2021-4381) webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm | Linux |
| Webkit2gtk3-jsc update (ELSA-2021-4381) webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm | Linux |
| Webkit2gtk3-jsc-devel update (ELSA-2021-4381) webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm | Linux |
| Webkit2gtk3-jsc-devel update (ELSA-2021-4381) webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm | Linux |
| Moderate: GNOME security, bug fix, and enhancement update vino-3.22.0-11.el8.x86_64.rpm | Linux |
| Moderate: GNOME security, bug fix, and enhancement update gnome-autoar-0.2.3-2.el8.i686.rpm | Linux |
| Moderate: GNOME security, bug fix, and enhancement update gnome-autoar-0.2.3-2.el8.x86_64.rpm | Linux |
| Moderate: GNOME security, bug fix, and enhancement update gnome-calculator-3.28.2-2.el8.x86_64.rpm | Linux |
| Moderate: GNOME security, bug fix, and enhancement update gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm | Linux |
| Moderate: GNOME security, bug fix, and enhancement update gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm | Linux |
| Moderate: GNOME security, bug fix, and enhancement update gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2021:4381) gnome-settings-daemon-3.32.0-16.el8_6.1.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-316162 | iCloud (7.21.0.23) (Deployment-Only) |
| PATCH-342817 | Apple iTunes (X64) (12.13.4.4) |
| PATCH-310919 | Apple iTunes (X64) (12.10.0.7) |
| PATCH-342816 | Apple iTunes (12.13.4.4) |
| PATCH-310917 | Apple iTunes (12.10.0.7) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-612606 | Apple Safari for MAC (MacOS Sequoia) (26.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234