ID

VAR-202201-0457


CVE

CVE-2022-22591


TITLE

macOS Monterey  Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009001

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. macOS Monterey Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Information about the security content is also available at https://support.apple.com/HT213054. CVE-2022-22586: an anonymous researcher ColorSync Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro Crash Reporter Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22578: an anonymous researcher iCloud Available for: macOS Monterey Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com) Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Model I/O Available for: macOS Monterey Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro PackageKit Available for: macOS Monterey Impact: An application may be able to access restricted files Description: A permissions issue was addressed with improved validation. CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point WebKit Available for: macOS Monterey Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com) WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. CVE-2022-22592: Prakash (@1lastBr3ath) WebKit Storage Available for: macOS Monterey Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation. CVE-2022-22594: Martin Bajanik of FingerprintJS Additional recognition Kernel We would like to acknowledge Tao Huang for their assistance. Metal We would like to acknowledge Tao Huang for their assistance. PackageKit We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance. WebKit We would like to acknowledge Prakash (@1lastBr3ath) for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0zEACgkQeC9qKD1p rhhFUw/+K0ImMkw8zCjqdJza05Y6mlSa2wAdoVQK4pywYylcWMzemOi9GStr1Tgq CmA7KFo2hPp/9kh6+SURi91WwUKdNHsDfasjNDqTTOJalQFuKB0erZgEpcprBnHE lzT2heSJDl58sMSn0hLlGIhLfc+4Ld29FKc3lmtBPGeKY3vUViHLN0s3sZj07twx Ew7yYkDBkz/e2kGRDByWzmvsSQt+w7HMK+pN1m5CBTZdP8KAHVtbuv8BPtMHKwNJ 1Kzo6nW4MJ9Eds63Lz4A37nqTNxmvsbf4zDSppwAp8NalEHqg5My7PzmK97eh6ap jS4P4LqdRigTvRMq3eDVh/4Lie+/39nXwdQI6czETvTYzi+iA6k3q1Lsf2eIYzCf 0y4YTKEwIze05Q45YqbbnRDfVGOKtfZOcFVYsMxYBHBMp6LDcLJ9i0+AORX2igoA dODLICbrHzexa682FDE2RGtgQOtS5k4LJLUggvSeOW/tXN+MovfVTjCIzJSKYltP eQm8gq3EajaRk4JQcYkxklalyOHVZpkg3+u6Az+xIY5nVVijkuGDqqiCoh62zmsE kSXZrfuJTIYWbIzpR23xVMyxWBcN4AXDE3xLeZajm0yGnAxpd8CGwb4FhgipcDVE wwazu76IYBPpP40AyBALO10aXhYjrI+Bj6zI+Ug3msXLhkeICtI= =WEmw -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // VULHUB: VHN-411219 // VULMON: CVE-2022-22591 // PACKETSTORM: 165772

AFFECTED PRODUCTS

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.2

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:12.2

Trust: 0.8

sources: JVNDB: JVNDB-2022-009001 // NVD: CVE-2022-22591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22591
value: HIGH

Trust: 1.0

NVD: CVE-2022-22591
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-2404
value: HIGH

Trust: 0.6

VULHUB: VHN-411219
value: HIGH

Trust: 0.1

VULMON: CVE-2022-22591
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22591
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411219
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22591
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-22591
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411219 // VULMON: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // CNNVD: CNNVD-202201-2404 // NVD: CVE-2022-22591

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-411219 // JVNDB: JVNDB-2022-009001 // NVD: CVE-2022-22591

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-2404

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202201-2404

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-411219

PATCH

title:HT213054url:https://support.apple.com/en-us/HT213054

Trust: 0.8

title:Apple macOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179623

Trust: 0.6

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // CNNVD: CNNVD-202201-2404

EXTERNAL IDS

db:NVDid:CVE-2022-22591

Trust: 3.5

db:PACKETSTORMid:165772

Trust: 0.8

db:JVNDBid:JVNDB-2022-009001

Trust: 0.8

db:AUSCERTid:ESB-2022.0399

Trust: 0.6

db:CS-HELPid:SB2022012635

Trust: 0.6

db:CNNVDid:CNNVD-202201-2404

Trust: 0.6

db:VULHUBid:VHN-411219

Trust: 0.1

db:VULMONid:CVE-2022-22591

Trust: 0.1

sources: VULHUB: VHN-411219 // VULMON: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // PACKETSTORM: 165772 // CNNVD: CNNVD-202201-2404 // NVD: CVE-2022-22591

REFERENCES

url:https://support.apple.com/en-us/ht213054

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22591

Trust: 0.9

url:https://www.auscert.org.au/bulletins/esb-2022.0399

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012635

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22591/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37394

Trust: 0.6

url:https://packetstormsecurity.com/files/165772/apple-security-advisory-2022-01-26-2.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2022/jan/82

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22584

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://support.apple.com/ht213054.

Trust: 0.1

url:https://xlab.tencent.com)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22594

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22593

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22587

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22585

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22579

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22578

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22592

Trust: 0.1

sources: VULHUB: VHN-411219 // VULMON: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // PACKETSTORM: 165772 // CNNVD: CNNVD-202201-2404 // NVD: CVE-2022-22591

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 165772

SOURCES

db:VULHUBid:VHN-411219
db:VULMONid:CVE-2022-22591
db:JVNDBid:JVNDB-2022-009001
db:PACKETSTORMid:165772
db:CNNVDid:CNNVD-202201-2404
db:NVDid:CVE-2022-22591

LAST UPDATE DATE

2024-08-14T12:36:17.424000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411219date:2022-03-26T00:00:00
db:VULMONid:CVE-2022-22591date:2022-03-26T00:00:00
db:JVNDBid:JVNDB-2022-009001date:2023-08-02T06:53:00
db:CNNVDid:CNNVD-202201-2404date:2022-03-28T00:00:00
db:NVDid:CVE-2022-22591date:2022-03-26T03:58:32.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-411219date:2022-03-18T00:00:00
db:VULMONid:CVE-2022-22591date:2022-03-18T00:00:00
db:JVNDBid:JVNDB-2022-009001date:2023-08-02T00:00:00
db:PACKETSTORMid:165772date:2022-01-31T15:46:05
db:CNNVDid:CNNVD-202201-2404date:2022-01-26T00:00:00
db:NVDid:CVE-2022-22591date:2022-03-18T18:15:12.720