{"cve":{"cve_id":"CVE-2020-3837","is_kev":true,"kev_date_added":"2022-06-27","kev_vendor_project":"Apple","kev_product":"Multiple Products","kev_vulnerability_name":"Apple Multiple Products Memory Corruption Vulnerability","kev_short_description":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-07-18","kev_known_ransomware":false,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2020-3837","kev_cwes":["CWE-787"],"epss_score":0.16111,"epss_percentile":0.96506,"epss_as_of":"2026-06-23","description":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.","published_at":"2020-02-27T20:45:04Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-787"],"nvd_references":["https://support.apple.com/HT210919","https://support.apple.com/HT210918","https://support.apple.com/HT210921","https://support.apple.com/HT210920"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:14:20.256874Z"},"effective_severity":"HIGH","badges":["kev"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"ios","product_name":"iOS","version_start":"unspecified","version_start_inclusive":true,"version_end":"iOS 13.3.1 and iPadOS 13.3.1","version_end_inclusive":false,"cpe23_uri":"cve5:apple:ios:unspecified:iOS 13.3.1 and iPadOS 13.3.1"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"macos","product_name":"macOS","version_start":"unspecified","version_start_inclusive":true,"version_end":"macOS Catalina 10.15.3","version_end_inclusive":false,"cpe23_uri":"cve5:apple:macos:unspecified:macOS Catalina 10.15.3"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"tvos","product_name":"tvOS","version_start":"unspecified","version_start_inclusive":true,"version_end":"tvOS 13.3.1","version_end_inclusive":false,"cpe23_uri":"cve5:apple:tvos:unspecified:tvOS 13.3.1"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"watchos","product_name":"watchOS","version_start":"unspecified","version_start_inclusive":true,"version_end":"watchOS 6.1.2","version_end_inclusive":false,"cpe23_uri":"cve5:apple:watchos:unspecified:watchOS 6.1.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.apple.com/HT210919","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/HT210918","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/HT210921","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/HT210920","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2020-02-27T20:45:04Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2022-06-27T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"}]}