Details of VAR-202207-1443

ID

VAR-202207-1443

CVE

CVE-2022-32798

TITLE

apple's macOS Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018245

DESCRIPTION

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges. apple's macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS Monterey is the eighteenth major release of Apple's Macintosh desktop operating system, macOS. The vulnerability stems from a boundary error in the processing of untrusted input in the SMB component. An attacker can exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the target system

Trust: 1.8

sources: NVD: CVE-2022-32798 // JVNDB: JVNDB-2022-018245 // VULHUB: VHN-424887 // VULMON: CVE-2022-32798

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.0 that's all 12.5	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018245 // NVD: CVE-2022-32798

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32798
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32798
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202207-2011
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32798
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32798
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018245 // CNNVD: CNNVD-202207-2011 // NVD: CVE-2022-32798

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-424887 // JVNDB: JVNDB-2022-018245 // NVD: CVE-2022-32798

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2011

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2011

PATCH

title:	HT213345 Apple Security update	url:	https://support.apple.com/en-us/HT213345	Trust: 0.8
title:	Apple macOS Monterey Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209234	Trust: 0.6
title:	Apple: macOS Monterey 12.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4	Trust: 0.1

sources: VULMON: CVE-2022-32798 // JVNDB: JVNDB-2022-018245 // CNNVD: CNNVD-202207-2011

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32798	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-018245	Trust: 0.8
db:	CS-HELP	id:	SB2022072101	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3559	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-2011	Trust: 0.6
db:	CNVD	id:	CNVD-2022-71992	Trust: 0.1
db:	VULHUB	id:	VHN-424887	Trust: 0.1
db:	VULMON	id:	CVE-2022-32798	Trust: 0.1

sources: VULHUB: VHN-424887 // VULMON: CVE-2022-32798 // JVNDB: JVNDB-2022-018245 // CNNVD: CNNVD-202207-2011 // NVD: CVE-2022-32798

REFERENCES

url:	https://support.apple.com/en-us/ht213345	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32798	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.3559	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072101	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32798/	Trust: 0.6
url:	https://support.apple.com/kb/ht213345	Trust: 0.1

sources: VULHUB: VHN-424887 // VULMON: CVE-2022-32798 // JVNDB: JVNDB-2022-018245 // CNNVD: CNNVD-202207-2011 // NVD: CVE-2022-32798

SOURCES

db:	VULHUB	id:	VHN-424887
db:	VULMON	id:	CVE-2022-32798
db:	JVNDB	id:	JVNDB-2022-018245
db:	CNNVD	id:	CNNVD-202207-2011
db:	NVD	id:	CVE-2022-32798

LAST UPDATE DATE

2024-08-14T12:09:47.736000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424887	date:	2022-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-018245	date:	2023-10-19T05:37:00
db:	CNNVD	id:	CNNVD-202207-2011	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2022-32798	date:	2022-09-27T16:54:49.177

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424887	date:	2022-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-018245	date:	2023-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202207-2011	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32798	date:	2022-09-23T19:15:12.527