Details of VAR-202203-0010

ID

VAR-202203-0010

CVE

CVE-2022-22669

TITLE

macOS Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008334

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. macOS Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-22669 // JVNDB: JVNDB-2022-008334 // VULHUB: VHN-411297 // VULMON: CVE-2022-22669

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	12.3	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.3	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-008334 // NVD: CVE-2022-22669

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22669
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22669
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202203-1241
value:	HIGH
Trust: 0.6
VULHUB:	VHN-411297
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-22669
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-22669
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411297
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22669
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22669
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411297 // VULMON: CVE-2022-22669 // JVNDB: JVNDB-2022-008334 // CNNVD: CNNVD-202203-1241 // NVD: CVE-2022-22669

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411297 // JVNDB: JVNDB-2022-008334 // NVD: CVE-2022-22669

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1241

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1241

PATCH

title:	HT213183	url:	https://support.apple.com/en-us/HT213183	Trust: 0.8
title:	Apple macOS Monterey Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185743	Trust: 0.6
title:	Apple: macOS Monterey 12.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22669 // JVNDB: JVNDB-2022-008334 // CNNVD: CNNVD-202203-1241

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22669	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-008334	Trust: 0.8
db:	CS-HELP	id:	SB2022031433	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-1241	Trust: 0.6
db:	VULHUB	id:	VHN-411297	Trust: 0.1
db:	VULMON	id:	CVE-2022-22669	Trust: 0.1

sources: VULHUB: VHN-411297 // VULMON: CVE-2022-22669 // JVNDB: JVNDB-2022-008334 // CNNVD: CNNVD-202203-1241 // NVD: CVE-2022-22669

REFERENCES

url:	https://support.apple.com/en-us/ht213183	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22669	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22669/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031433	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht213183	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-411297 // VULMON: CVE-2022-22669 // JVNDB: JVNDB-2022-008334 // CNNVD: CNNVD-202203-1241 // NVD: CVE-2022-22669

SOURCES

db:	VULHUB	id:	VHN-411297
db:	VULMON	id:	CVE-2022-22669
db:	JVNDB	id:	JVNDB-2022-008334
db:	CNNVD	id:	CNNVD-202203-1241
db:	NVD	id:	CVE-2022-22669

LAST UPDATE DATE

2024-08-14T12:04:50.160000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411297	date:	2022-03-24T00:00:00
db:	VULMON	id:	CVE-2022-22669	date:	2022-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-008334	date:	2023-07-26T06:20:00
db:	CNNVD	id:	CNNVD-202203-1241	date:	2022-03-25T00:00:00
db:	NVD	id:	CVE-2022-22669	date:	2022-03-24T15:26:24.510

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411297	date:	2022-03-18T00:00:00
db:	VULMON	id:	CVE-2022-22669	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-008334	date:	2023-07-26T00:00:00
db:	CNNVD	id:	CNNVD-202203-1241	date:	2022-03-14T00:00:00
db:	NVD	id:	CVE-2022-22669	date:	2022-03-18T18:15:15.240