CVE-2020-3840

Summary

An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AppleiOSunspecified < iOS 13.3.1 and iPadOS 13.3.1affected
ApplemacOSunspecified < macOS Catalina 10.15.3affected
AppletvOSunspecified < tvOS 13.3.1affected

Weaknesses

  • Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution

ADP Enrichment

CVE Program Container

Additional References

References