Vulnerability Details CVE-2020-4068
In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 7.5
References
- https://github.com/kylebrowning/APNSwift/commit/97fa7f69dcdd89168fff84e0ba8f999881ee3d3f
- https://github.com/kylebrowning/APNSwift/issues/31
- https://github.com/kylebrowning/APNSwift/pull/32
- https://github.com/kylebrowning/APNSwift/security/advisories/GHSA-qh2w-vjxg-mjcg
- https://github.com/kylebrowning/APNSwift/commit/97fa7f69dcdd89168fff84e0ba8f999881ee3d3f
- https://github.com/kylebrowning/APNSwift/issues/31
- https://github.com/kylebrowning/APNSwift/pull/32
- https://github.com/kylebrowning/APNSwift/security/advisories/GHSA-qh2w-vjxg-mjcg
Products affected by CVE-2020-4068
-
cpe:2.3:a:apnswift_project:apnswift:1.0.0