Details of VAR-202207-1467

ID

VAR-202207-1467

CVE

CVE-2022-32829

TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018213

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. A buffer overflow vulnerability exists in Apple iOS. The vulnerability is caused by a boundary error in the operating system kernel when processing untrusted input. iOS 15.6 and iPadOS 15.6

Trust: 1.8

sources: NVD: CVE-2022-32829 // JVNDB: JVNDB-2022-018213 // VULHUB: VHN-424918 // VULMON: CVE-2022-32829

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.0 that's all 12.5	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018213 // NVD: CVE-2022-32829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32829
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32829
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202207-2030
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32829
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32829
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018213 // CNNVD: CNNVD-202207-2030 // NVD: CVE-2022-32829

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018213 // NVD: CVE-2022-32829

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2030

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2030

PATCH

title:	HT213345 Apple Security update	url:	https://support.apple.com/en-us/HT213345	Trust: 0.8
title:	Multiple Apple product Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=208988	Trust: 0.6
title:	Apple: iOS 15.6 and iPadOS 15.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a	Trust: 0.1
title:	Apple: macOS Monterey 12.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4	Trust: 0.1

sources: VULMON: CVE-2022-32829 // JVNDB: JVNDB-2022-018213 // CNNVD: CNNVD-202207-2030

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32829	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-018213	Trust: 0.8
db:	CS-HELP	id:	SB2022072105	Trust: 0.6
db:	CS-HELP	id:	SB2022072101	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3559	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-2030	Trust: 0.6
db:	CNVD	id:	CNVD-2022-71997	Trust: 0.1
db:	VULHUB	id:	VHN-424918	Trust: 0.1
db:	VULMON	id:	CVE-2022-32829	Trust: 0.1

sources: VULHUB: VHN-424918 // VULMON: CVE-2022-32829 // JVNDB: JVNDB-2022-018213 // CNNVD: CNNVD-202207-2030 // NVD: CVE-2022-32829

REFERENCES

url:	https://support.apple.com/en-us/ht213346	Trust: 2.3
url:	https://support.apple.com/en-us/ht213345	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32829	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.3559	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072105	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072101	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32829/	Trust: 0.6
url:	https://support.apple.com/kb/ht213346	Trust: 0.1

sources: VULHUB: VHN-424918 // VULMON: CVE-2022-32829 // JVNDB: JVNDB-2022-018213 // CNNVD: CNNVD-202207-2030 // NVD: CVE-2022-32829

SOURCES

db:	VULHUB	id:	VHN-424918
db:	VULMON	id:	CVE-2022-32829
db:	JVNDB	id:	JVNDB-2022-018213
db:	CNNVD	id:	CNNVD-202207-2030
db:	NVD	id:	CVE-2022-32829

LAST UPDATE DATE

2024-08-14T12:15:55.777000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424918	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-018213	date:	2023-10-19T03:17:00
db:	CNNVD	id:	CNNVD-202207-2030	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2022-32829	date:	2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424918	date:	2022-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-018213	date:	2023-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202207-2030	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32829	date:	2022-09-23T19:15:13.287