ID

VAR-202205-2046


CVE

CVE-2022-22672


TITLE

plural  Apple  Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-011807

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. iOS , iPadOS , tvOS macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS version 15.4 and iPadOS version 15.4 have a security flaw that stems from memory corruption

Trust: 1.8

sources: NVD: CVE-2022-22672 // JVNDB: JVNDB-2022-011807 // VULHUB: VHN-411300 // VULMON: CVE-2022-22672

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:11.6.5

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.4

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011807 // NVD: CVE-2022-22672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22672
value: HIGH

Trust: 1.0

NVD: CVE-2022-22672
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202205-4223
value: HIGH

Trust: 0.6

VULHUB: VHN-411300
value: HIGH

Trust: 0.1

VULMON: CVE-2022-22672
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22672
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411300
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22672
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-22672
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411300 // VULMON: CVE-2022-22672 // JVNDB: JVNDB-2022-011807 // CNNVD: CNNVD-202205-4223 // NVD: CVE-2022-22672

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-411300 // JVNDB: JVNDB-2022-011807 // NVD: CVE-2022-22672

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-4223

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-4223

PATCH

title:HT213184 Apple  Security updateurl:https://support.apple.com/en-us/HT213182

Trust: 0.8

title:Apple iOS and Apple iPadOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195369

Trust: 0.6

title:n-daysurl:https://github.com/b1n4r1b01/n-days

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22672 // JVNDB: JVNDB-2022-011807 // CNNVD: CNNVD-202205-4223

EXTERNAL IDS

db:NVDid:CVE-2022-22672

Trust: 3.4

db:JVNDBid:JVNDB-2022-011807

Trust: 0.8

db:CNNVDid:CNNVD-202205-4223

Trust: 0.7

db:VULHUBid:VHN-411300

Trust: 0.1

db:VULMONid:CVE-2022-22672

Trust: 0.1

sources: VULHUB: VHN-411300 // VULMON: CVE-2022-22672 // JVNDB: JVNDB-2022-011807 // CNNVD: CNNVD-202205-4223 // NVD: CVE-2022-22672

REFERENCES

url:https://support.apple.com/en-us/ht213182

Trust: 1.8

url:https://support.apple.com/en-us/ht213183

Trust: 1.8

url:https://support.apple.com/en-us/ht213184

Trust: 1.8

url:https://support.apple.com/en-us/ht213185

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-22672

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22672/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/b1n4r1b01/n-days

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-411300 // VULMON: CVE-2022-22672 // JVNDB: JVNDB-2022-011807 // CNNVD: CNNVD-202205-4223 // NVD: CVE-2022-22672

SOURCES

db:VULHUBid:VHN-411300
db:VULMONid:CVE-2022-22672
db:JVNDBid:JVNDB-2022-011807
db:CNNVDid:CNNVD-202205-4223
db:NVDid:CVE-2022-22672

LAST UPDATE DATE

2024-08-14T15:16:41.316000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411300date:2022-06-08T00:00:00
db:VULMONid:CVE-2022-22672date:2022-06-08T00:00:00
db:JVNDBid:JVNDB-2022-011807date:2023-08-24T02:22:00
db:CNNVDid:CNNVD-202205-4223date:2022-06-09T00:00:00
db:NVDid:CVE-2022-22672date:2022-06-08T17:51:50.693

SOURCES RELEASE DATE

db:VULHUBid:VHN-411300date:2022-05-26T00:00:00
db:VULMONid:CVE-2022-22672date:2022-05-26T00:00:00
db:JVNDBid:JVNDB-2022-011807date:2023-08-24T00:00:00
db:CNNVDid:CNNVD-202205-4223date:2022-05-26T00:00:00
db:NVDid:CVE-2022-22672date:2022-05-26T18:15:09.007