ID

VAR-202205-1288


CVE

CVE-2022-26775


TITLE

macOS  Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011430

DESCRIPTION

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. macOS Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. macOS Monterey 12.4

Trust: 1.8

sources: NVD: CVE-2022-26775 // JVNDB: JVNDB-2022-011430 // VULHUB: VHN-417444 // VULMON: CVE-2022-26775

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.4

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011430 // NVD: CVE-2022-26775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26775
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-26775
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202205-3434
value: CRITICAL

Trust: 0.6

VULHUB: VHN-417444
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-26775
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-417444
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-26775
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-26775
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-417444 // JVNDB: JVNDB-2022-011430 // CNNVD: CNNVD-202205-3434 // NVD: CVE-2022-26775

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-417444 // JVNDB: JVNDB-2022-011430 // NVD: CVE-2022-26775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3434

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3434

PATCH

title:HT213255 Apple  Security updateurl:https://support.apple.com/en-us/HT213255

Trust: 0.8

title:Apple macOS Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195348

Trust: 0.6

title:Apple: macOS Monterey 12.4url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619

Trust: 0.1

sources: VULMON: CVE-2022-26775 // JVNDB: JVNDB-2022-011430 // CNNVD: CNNVD-202205-3434

EXTERNAL IDS

db:NVDid:CVE-2022-26775

Trust: 3.4

db:JVNDBid:JVNDB-2022-011430

Trust: 0.8

db:AUSCERTid:ESB-2022.2411

Trust: 0.6

db:CS-HELPid:SB2022051703

Trust: 0.6

db:CNNVDid:CNNVD-202205-3434

Trust: 0.6

db:VULHUBid:VHN-417444

Trust: 0.1

db:VULMONid:CVE-2022-26775

Trust: 0.1

sources: VULHUB: VHN-417444 // VULMON: CVE-2022-26775 // JVNDB: JVNDB-2022-011430 // CNNVD: CNNVD-202205-3434 // NVD: CVE-2022-26775

REFERENCES

url:https://support.apple.com/en-us/ht213255

Trust: 2.3

url:https://support.apple.com/kb/ht213253

Trust: 1.7

url:https://support.apple.com/kb/ht213254

Trust: 1.7

url:https://support.apple.com/kb/ht213258

Trust: 1.7

url:https://support.apple.com/en-us/ht213257

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-26775

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022051703

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-26775/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2411

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-38381

Trust: 0.6

url:https://support.apple.com/kb/ht213257

Trust: 0.1

sources: VULHUB: VHN-417444 // VULMON: CVE-2022-26775 // JVNDB: JVNDB-2022-011430 // CNNVD: CNNVD-202205-3434 // NVD: CVE-2022-26775

SOURCES

db:VULHUBid:VHN-417444
db:VULMONid:CVE-2022-26775
db:JVNDBid:JVNDB-2022-011430
db:CNNVDid:CNNVD-202205-3434
db:NVDid:CVE-2022-26775

LAST UPDATE DATE

2024-08-14T13:14:16.284000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-417444date:2022-06-23T00:00:00
db:JVNDBid:JVNDB-2022-011430date:2023-08-22T05:07:00
db:CNNVDid:CNNVD-202205-3434date:2022-06-24T00:00:00
db:NVDid:CVE-2022-26775date:2022-06-23T17:15:12.477

SOURCES RELEASE DATE

db:VULHUBid:VHN-417444date:2022-05-26T00:00:00
db:JVNDBid:JVNDB-2022-011430date:2023-08-22T00:00:00
db:CNNVDid:CNNVD-202205-3434date:2022-05-16T00:00:00
db:NVDid:CVE-2022-26775date:2022-05-26T20:15:10.127