Details of VAR-202201-0457

ID

VAR-202201-0457

CVE

CVE-2022-22591

TITLE

macOS Monterey Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009001

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. macOS Monterey Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Information about the security content is also available at https://support.apple.com/HT213054. CVE-2022-22586: an anonymous researcher ColorSync Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro Crash Reporter Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22578: an anonymous researcher iCloud Available for: macOS Monterey Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com) Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Model I/O Available for: macOS Monterey Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro PackageKit Available for: macOS Monterey Impact: An application may be able to access restricted files Description: A permissions issue was addressed with improved validation. CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point WebKit Available for: macOS Monterey Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com) WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. CVE-2022-22592: Prakash (@1lastBr3ath) WebKit Storage Available for: macOS Monterey Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation. CVE-2022-22594: Martin Bajanik of FingerprintJS Additional recognition Kernel We would like to acknowledge Tao Huang for their assistance. Metal We would like to acknowledge Tao Huang for their assistance. PackageKit We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance. WebKit We would like to acknowledge Prakash (@1lastBr3ath) for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0zEACgkQeC9qKD1p rhhFUw/+K0ImMkw8zCjqdJza05Y6mlSa2wAdoVQK4pywYylcWMzemOi9GStr1Tgq CmA7KFo2hPp/9kh6+SURi91WwUKdNHsDfasjNDqTTOJalQFuKB0erZgEpcprBnHE lzT2heSJDl58sMSn0hLlGIhLfc+4Ld29FKc3lmtBPGeKY3vUViHLN0s3sZj07twx Ew7yYkDBkz/e2kGRDByWzmvsSQt+w7HMK+pN1m5CBTZdP8KAHVtbuv8BPtMHKwNJ 1Kzo6nW4MJ9Eds63Lz4A37nqTNxmvsbf4zDSppwAp8NalEHqg5My7PzmK97eh6ap jS4P4LqdRigTvRMq3eDVh/4Lie+/39nXwdQI6czETvTYzi+iA6k3q1Lsf2eIYzCf 0y4YTKEwIze05Q45YqbbnRDfVGOKtfZOcFVYsMxYBHBMp6LDcLJ9i0+AORX2igoA dODLICbrHzexa682FDE2RGtgQOtS5k4LJLUggvSeOW/tXN+MovfVTjCIzJSKYltP eQm8gq3EajaRk4JQcYkxklalyOHVZpkg3+u6Az+xIY5nVVijkuGDqqiCoh62zmsE kSXZrfuJTIYWbIzpR23xVMyxWBcN4AXDE3xLeZajm0yGnAxpd8CGwb4FhgipcDVE wwazu76IYBPpP40AyBALO10aXhYjrI+Bj6zI+Ug3msXLhkeICtI= =WEmw -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // VULHUB: VHN-411219 // VULMON: CVE-2022-22591 // PACKETSTORM: 165772

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.2	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	12.2	Trust: 0.8

sources: JVNDB: JVNDB-2022-009001 // NVD: CVE-2022-22591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22591
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22591
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202201-2404
value:	HIGH
Trust: 0.6
VULHUB:	VHN-411219
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-22591
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-22591
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411219
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22591
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22591
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411219 // VULMON: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // CNNVD: CNNVD-202201-2404 // NVD: CVE-2022-22591

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411219 // JVNDB: JVNDB-2022-009001 // NVD: CVE-2022-22591

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-2404

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202201-2404

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-411219

PATCH

title:	HT213054	url:	https://support.apple.com/en-us/HT213054	Trust: 0.8
title:	Apple macOS Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179623	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // CNNVD: CNNVD-202201-2404

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22591	Trust: 3.5
db:	PACKETSTORM	id:	165772	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009001	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.0399	Trust: 0.6
db:	CS-HELP	id:	SB2022012635	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-2404	Trust: 0.6
db:	VULHUB	id:	VHN-411219	Trust: 0.1
db:	VULMON	id:	CVE-2022-22591	Trust: 0.1

sources: VULHUB: VHN-411219 // VULMON: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // PACKETSTORM: 165772 // CNNVD: CNNVD-202201-2404 // NVD: CVE-2022-22591

REFERENCES

url:	https://support.apple.com/en-us/ht213054	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22591	Trust: 0.9
url:	https://www.auscert.org.au/bulletins/esb-2022.0399	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012635	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22591/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37394	Trust: 0.6
url:	https://packetstormsecurity.com/files/165772/apple-security-advisory-2022-01-26-2.html	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2022/jan/82	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22584	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://support.apple.com/ht213054.	Trust: 0.1
url:	https://xlab.tencent.com)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22594	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22593	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22587	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22585	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22579	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22578	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22592	Trust: 0.1

sources: VULHUB: VHN-411219 // VULMON: CVE-2022-22591 // JVNDB: JVNDB-2022-009001 // PACKETSTORM: 165772 // CNNVD: CNNVD-202201-2404 // NVD: CVE-2022-22591

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 165772

SOURCES

db:	VULHUB	id:	VHN-411219
db:	VULMON	id:	CVE-2022-22591
db:	JVNDB	id:	JVNDB-2022-009001
db:	PACKETSTORM	id:	165772
db:	CNNVD	id:	CNNVD-202201-2404
db:	NVD	id:	CVE-2022-22591

LAST UPDATE DATE

2024-08-14T12:36:17.424000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411219	date:	2022-03-26T00:00:00
db:	VULMON	id:	CVE-2022-22591	date:	2022-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-009001	date:	2023-08-02T06:53:00
db:	CNNVD	id:	CNNVD-202201-2404	date:	2022-03-28T00:00:00
db:	NVD	id:	CVE-2022-22591	date:	2022-03-26T03:58:32.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411219	date:	2022-03-18T00:00:00
db:	VULMON	id:	CVE-2022-22591	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-009001	date:	2023-08-02T00:00:00
db:	PACKETSTORM	id:	165772	date:	2022-01-31T15:46:05
db:	CNNVD	id:	CNNVD-202201-2404	date:	2022-01-26T00:00:00
db:	NVD	id:	CVE-2022-22591	date:	2022-03-18T18:15:12.720