CVE-2020-3894 : A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, S

A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.

Published 2020-04-01 18:15:16

Updated 2022-06-02 18:43:04

Source Apple Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-3894

Probability of exploitation activity in the next 30 days: 1.78%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-3894

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:N/AC:H/Au:N/C:P/I:N/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N	1.6	1.4	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2020-3894

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-3894

https://support.apple.com/HT211105

About the security content of iTunes 12.10.5 for Windows - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT211107

About the security content of iCloud for Windows 7.18 - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT211102

About the security content of iOS 13.4 and iPadOS 13.4 - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT211104

About the security content of Safari 13.1 - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT211101

About the security content of tvOS 13.4 - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT211106

About the security content of iCloud for Windows 10.9.3 - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2020-3894

Apple » Safari
Versions before (<) 13.1
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Matching versions
Apple » Itunes » For Windows
Versions before (<) 12.10.5
cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
Matching versions
Apple » Iphone Os
Versions before (<) 13.4
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Icloud » For Windows
Versions before (<) 10.9.3
cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
Matching versions
Apple » Tvos
Versions before (<) 13.4
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions
Apple » Ipad Os
Versions before (<) 13.4
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-3894

Exploit prediction scoring system (EPSS) score for CVE-2020-3894

CVSS scores for CVE-2020-3894

CWE ids for CVE-2020-3894

References for CVE-2020-3894

Products affected by CVE-2020-3894