Details of VAR-202205-1322

ID

VAR-202205-1322

CVE

CVE-2022-26718

TITLE

macOS Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011206

DESCRIPTION

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. macOS Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-26718 // JVNDB: JVNDB-2022-011206 // VULHUB: VHN-417387 // VULMON: CVE-2022-26718

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	11.6.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.4	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	11.0 that's all 11.6.6	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	12.0 that's all 12.4	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011206 // NVD: CVE-2022-26718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26718
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26718
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-3437
value:	HIGH
Trust: 0.6
VULHUB:	VHN-417387
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-26718
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-417387
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26718
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26718
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-417387 // JVNDB: JVNDB-2022-011206 // CNNVD: CNNVD-202205-3437 // NVD: CVE-2022-26718

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-417387 // JVNDB: JVNDB-2022-011206 // NVD: CVE-2022-26718

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3437

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3437

PATCH

title:	HT213256 Apple Security update	url:	https://support.apple.com/en-us/HT213256	Trust: 0.8
title:	Apple macOS Big Sur Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195349	Trust: 0.6
title:	Apple: macOS Monterey 12.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619	Trust: 0.1

sources: VULMON: CVE-2022-26718 // JVNDB: JVNDB-2022-011206 // CNNVD: CNNVD-202205-3437

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26718	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-011206	Trust: 0.8
db:	CS-HELP	id:	SB2022051702	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2412	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3437	Trust: 0.6
db:	VULHUB	id:	VHN-417387	Trust: 0.1
db:	VULMON	id:	CVE-2022-26718	Trust: 0.1

sources: VULHUB: VHN-417387 // VULMON: CVE-2022-26718 // JVNDB: JVNDB-2022-011206 // CNNVD: CNNVD-202205-3437 // NVD: CVE-2022-26718

REFERENCES

url:	https://support.apple.com/en-us/ht213256	Trust: 2.3
url:	https://support.apple.com/en-us/ht213257	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26718	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26718/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051702	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2412	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-38381	Trust: 0.6
url:	https://support.apple.com/kb/ht213257	Trust: 0.1

sources: VULHUB: VHN-417387 // VULMON: CVE-2022-26718 // JVNDB: JVNDB-2022-011206 // CNNVD: CNNVD-202205-3437 // NVD: CVE-2022-26718

SOURCES

db:	VULHUB	id:	VHN-417387
db:	VULMON	id:	CVE-2022-26718
db:	JVNDB	id:	JVNDB-2022-011206
db:	CNNVD	id:	CNNVD-202205-3437
db:	NVD	id:	CVE-2022-26718

LAST UPDATE DATE

2024-08-14T12:34:44.651000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417387	date:	2022-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-011206	date:	2023-08-21T04:51:00
db:	CNNVD	id:	CNNVD-202205-3437	date:	2022-06-09T00:00:00
db:	NVD	id:	CVE-2022-26718	date:	2022-06-08T00:23:55.303

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417387	date:	2022-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-011206	date:	2023-08-21T00:00:00
db:	CNNVD	id:	CNNVD-202205-3437	date:	2022-05-16T00:00:00
db:	NVD	id:	CVE-2022-26718	date:	2022-05-26T19:15:08.463