ID

VAR-202207-1496


CVE

CVE-2022-32830


TITLE

Out-of-bounds read vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-020275

DESCRIPTION

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information. An out-of-bounds read vulnerability exists in Apple's iPadOS, iOS and tvOS. Information may be obtained. Apple iOS and Apple iPadOS are both products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have a buffer error vulnerability that stems from a boundary condition in ImageIO. A remote attacker could create a specially crafted file and trick the victim into opening it, triggering an out-of-bounds read error and reading the contents of memory on the system. The vulnerability could allow a remote attacker to obtain potentially sensitive information. iOS 15.6 and iPadOS 15.6

Trust: 1.8

sources: NVD: CVE-2022-32830 // JVNDB: JVNDB-2022-020275 // VULHUB: VHN-424919 // VULMON: CVE-2022-32830

AFFECTED PRODUCTS

vendor: apple, model: ipados, scope: lt, version: 15.6

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 15.6

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 15.6

Trust: 1.0

vendor: Apple, model: ipados, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

vendor: Apple, model: tvos, scope: eq, version: 15.6

Trust: 0.8

sources: JVNDB: JVNDB-2022-020275 // NVD: CVE-2022-32830

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-32830
value: HIGH

Trust: 1.0

NVD: CVE-2022-32830
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-2091
value: HIGH

Trust: 0.6

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32830
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-32830
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020275 // CNNVD: CNNVD-202207-2091 // NVD: CVE-2022-32830

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.1

problemtype: Out-of-bounds read (CWE-125) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-424919 // JVNDB: JVNDB-2022-020275 // NVD: CVE-2022-32830

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2091

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2091

PATCH

title: HT213342 Apple Security update
url: https://support.apple.com/en-us/HT213342

Trust: 0.8

title: Apple iOS and iPadOS Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=228029

Trust: 0.6

title: Apple: iOS 15.6 and iPadOS 15.6
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a

Trust: 0.1

sources: VULMON: CVE-2022-32830 // JVNDB: JVNDB-2022-020275 // CNNVD: CNNVD-202207-2091

EXTERNAL IDS

db: NVD, id: CVE-2022-32830

Trust: 3.4

db: JVNDB, id: JVNDB-2022-020275

Trust: 0.8

db: CNNVD, id: CNNVD-202207-2091

Trust: 0.7

db: CS-HELP, id: SB2022072107

Trust: 0.6

db: AUSCERT, id: ESB-2022.3558

Trust: 0.6

db: VULHUB, id: VHN-424919

Trust: 0.1

db: VULMON, id: CVE-2022-32830

Trust: 0.1

sources: VULHUB: VHN-424919 // VULMON: CVE-2022-32830 // JVNDB: JVNDB-2022-020275 // CNNVD: CNNVD-202207-2091 // NVD: CVE-2022-32830

REFERENCES

url: https://support.apple.com/en-us/ht213346

Trust: 2.3

url: https://support.apple.com/en-us/ht213342

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2022-32830

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2022.3558

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-32830/

Trust: 0.6

url: https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38878

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022072107

Trust: 0.6

url: https://support.apple.com/kb/ht213346

Trust: 0.1

sources: VULHUB: VHN-424919 // VULMON: CVE-2022-32830 // JVNDB: JVNDB-2022-020275 // CNNVD: CNNVD-202207-2091 // NVD: CVE-2022-32830

SOURCES

db: VULHUB, id: VHN-424919
db: VULMON, id: CVE-2022-32830
db: JVNDB, id: JVNDB-2022-020275
db: CNNVD, id: CNNVD-202207-2091
db: NVD, id: CVE-2022-32830

LAST UPDATE DATE

2024-08-14T12:10:03.413000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-424919, date: 2023-03-07T00:00:00
db: JVNDB, id: JVNDB-2022-020275, date: 2023-11-01T01:20:00
db: CNNVD, id: CNNVD-202207-2091, date: 2023-03-08T00:00:00
db: NVD, id: CVE-2022-32830, date: 2023-03-07T20:38:01.120

SOURCES RELEASE DATE

db: VULHUB, id: VHN-424919, date: 2023-02-27T00:00:00
db: JVNDB, id: JVNDB-2022-020275, date: 2023-11-01T00:00:00
db: CNNVD, id: CNNVD-202207-2091, date: 2022-07-20T00:00:00
db: NVD, id: CVE-2022-32830, date: 2023-02-27T20:15:11.730