ID

VAR-202201-1613


CVE

CVE-2022-22588


TITLE

iOS and iPadOS Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008342

DESCRIPTION

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. A resource exhaustion vulnerability exists in iOS and iPadOS. It may result in a denial-of-service (DoS) condition.

APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1

iOS 15.2.1 and iPadOS 15.2.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213043.

HomeKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted HomeKit accessory name may cause a denial of service
Description: A resource exhaustion issue was addressed with improved input validation.
CVE-2022-22588: Trevor Spiniolas (@TrevorSpiniolas)

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "15.2.1"

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.89

sources: NVD: CVE-2022-22588 // JVNDB: JVNDB-2022-008342 // VULHUB: VHN-411216 // VULMON: CVE-2022-22588 // PACKETSTORM: 165537

AFFECTED PRODUCTS

vendor: apple, model: ipados, scope: lt, version: 15.2.1

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 15.2.1

Trust: 1.0

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ipados, scope: eq, version: 15.2.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-008342 // NVD: CVE-2022-22588

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22588
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-22588
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202201-951
value: MEDIUM

Trust: 0.6

VULHUB: VHN-411216
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22588
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22588
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411216
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22588
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-22588
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411216 // VULMON: CVE-2022-22588 // JVNDB: JVNDB-2022-008342 // CNNVD: CNNVD-202201-951 // NVD: CVE-2022-22588

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

problemtype:CWE-400

Trust: 0.1

sources: VULHUB: VHN-411216 // JVNDB: JVNDB-2022-008342 // NVD: CVE-2022-22588

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-951

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202201-951

PATCH

title: HT213043, url: https://support.apple.com/en-us/HT213043

Trust: 0.8

title: Apple iOS and iPadOS Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177747

Trust: 0.6

title: PoC in GitHub, url: https://github.com/soosmile/POC

Trust: 0.1

title: PoC in GitHub, url: https://github.com/manas3c/CVE-POC

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22588 // JVNDB: JVNDB-2022-008342 // CNNVD: CNNVD-202201-951

EXTERNAL IDS

db: NVD, id: CVE-2022-22588

Trust: 3.5

db: PACKETSTORM, id: 165537

Trust: 0.8

db: JVNDB, id: JVNDB-2022-008342

Trust: 0.8

db: CS-HELP, id: SB2022011215

Trust: 0.6

db: AUSCERT, id: ESB-2022.0162

Trust: 0.6

db: CNNVD, id: CNNVD-202201-951

Trust: 0.6

db: VULHUB, id: VHN-411216

Trust: 0.1

db: VULMON, id: CVE-2022-22588

Trust: 0.1

sources: VULHUB: VHN-411216 // VULMON: CVE-2022-22588 // JVNDB: JVNDB-2022-008342 // PACKETSTORM: 165537 // CNNVD: CNNVD-202201-951 // NVD: CVE-2022-22588

REFERENCES

url:https://support.apple.com/en-us/ht213043

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22588

Trust: 0.9

url:https://vigilance.fr/vulnerability/apple-ios-overload-via-homekit-accessory-name-37237

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011215

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22588/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0162

Trust: 0.6

url:https://packetstormsecurity.com/files/165537/apple-security-advisory-2022-01-12-1.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:http://seclists.org/fulldisclosure/2022/jan/32

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/ht213043.

Trust: 0.1

sources: VULHUB: VHN-411216 // VULMON: CVE-2022-22588 // JVNDB: JVNDB-2022-008342 // PACKETSTORM: 165537 // CNNVD: CNNVD-202201-951 // NVD: CVE-2022-22588

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 165537

SOURCES

db: VULHUB, id: VHN-411216
db: VULMON, id: CVE-2022-22588
db: JVNDB, id: JVNDB-2022-008342
db: PACKETSTORM, id: 165537
db: CNNVD, id: CNNVD-202201-951
db: NVD, id: CVE-2022-22588

LAST UPDATE DATE

2024-08-14T15:11:37.881000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-411216, date: 2022-03-24T00:00:00
db: VULMON, id: CVE-2022-22588, date: 2023-08-08T00:00:00
db: JVNDB, id: JVNDB-2022-008342, date: 2023-07-26T06:43:00
db: CNNVD, id: CNNVD-202201-951, date: 2022-03-25T00:00:00
db: NVD, id: CVE-2022-22588, date: 2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db: VULHUB, id: VHN-411216, date: 2022-03-18T00:00:00
db: VULMON, id: CVE-2022-22588, date: 2022-03-18T00:00:00
db: JVNDB, id: JVNDB-2022-008342, date: 2023-07-26T00:00:00
db: PACKETSTORM, id: 165537, date: 2022-01-13T16:15:08
db: CNNVD, id: CNNVD-202201-951, date: 2022-01-12T00:00:00
db: NVD, id: CVE-2022-22588, date: 2022-03-18T18:15:12.520