Details of VAR-202205-1288

ID

VAR-202205-1288

CVE

CVE-2022-26775

TITLE

macOS Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011430

DESCRIPTION

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. macOS Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. macOS Monterey 12.4

Trust: 1.8

sources: NVD: CVE-2022-26775 // JVNDB: JVNDB-2022-011430 // VULHUB: VHN-417444 // VULMON: CVE-2022-26775

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	12.4	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011430 // NVD: CVE-2022-26775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26775
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-26775
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202205-3434
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-417444
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-26775
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-417444
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26775
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26775
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-417444 // JVNDB: JVNDB-2022-011430 // CNNVD: CNNVD-202205-3434 // NVD: CVE-2022-26775

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-417444 // JVNDB: JVNDB-2022-011430 // NVD: CVE-2022-26775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3434

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3434

PATCH

title:	HT213255 Apple Security update	url:	https://support.apple.com/en-us/HT213255	Trust: 0.8
title:	Apple macOS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195348	Trust: 0.6
title:	Apple: macOS Monterey 12.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619	Trust: 0.1

sources: VULMON: CVE-2022-26775 // JVNDB: JVNDB-2022-011430 // CNNVD: CNNVD-202205-3434

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26775	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-011430	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.2411	Trust: 0.6
db:	CS-HELP	id:	SB2022051703	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3434	Trust: 0.6
db:	VULHUB	id:	VHN-417444	Trust: 0.1
db:	VULMON	id:	CVE-2022-26775	Trust: 0.1

sources: VULHUB: VHN-417444 // VULMON: CVE-2022-26775 // JVNDB: JVNDB-2022-011430 // CNNVD: CNNVD-202205-3434 // NVD: CVE-2022-26775

REFERENCES

url:	https://support.apple.com/en-us/ht213255	Trust: 2.3
url:	https://support.apple.com/kb/ht213253	Trust: 1.7
url:	https://support.apple.com/kb/ht213254	Trust: 1.7
url:	https://support.apple.com/kb/ht213258	Trust: 1.7
url:	https://support.apple.com/en-us/ht213257	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26775	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022051703	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-26775/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2411	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-38381	Trust: 0.6
url:	https://support.apple.com/kb/ht213257	Trust: 0.1

sources: VULHUB: VHN-417444 // VULMON: CVE-2022-26775 // JVNDB: JVNDB-2022-011430 // CNNVD: CNNVD-202205-3434 // NVD: CVE-2022-26775

SOURCES

db:	VULHUB	id:	VHN-417444
db:	VULMON	id:	CVE-2022-26775
db:	JVNDB	id:	JVNDB-2022-011430
db:	CNNVD	id:	CNNVD-202205-3434
db:	NVD	id:	CVE-2022-26775

LAST UPDATE DATE

2024-08-14T13:14:16.284000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417444	date:	2022-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-011430	date:	2023-08-22T05:07:00
db:	CNNVD	id:	CNNVD-202205-3434	date:	2022-06-24T00:00:00
db:	NVD	id:	CVE-2022-26775	date:	2022-06-23T17:15:12.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417444	date:	2022-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-011430	date:	2023-08-22T00:00:00
db:	CNNVD	id:	CNNVD-202205-3434	date:	2022-05-16T00:00:00
db:	NVD	id:	CVE-2022-26775	date:	2022-05-26T20:15:10.127