Details of VAR-202207-1496

ID

VAR-202207-1496

CVE

CVE-2022-32830

TITLE

Out-of-bounds read vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-020275

DESCRIPTION

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information. apple's iPadOS , iOS , tvOS Exists in an out-of-bounds read vulnerability.Information may be obtained. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have a buffer error vulnerability that stems from a boundary condition in ImageIO. A remote attacker could create a specially crafted file to trick the victim into opening it, triggering an out-of-bounds read error and reading the contents of memory on the system. The vulnerability could allow a remote attacker to obtain potentially sensitive information. iOS 15.6 and iPadOS 15.6

Trust: 1.8

sources: NVD: CVE-2022-32830 // JVNDB: JVNDB-2022-020275 // VULHUB: VHN-424919 // VULMON: CVE-2022-32830

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	eq	version:	15.6	Trust: 0.8

sources: JVNDB: JVNDB-2022-020275 // NVD: CVE-2022-32830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32830
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32830
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202207-2091
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32830
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32830
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020275 // CNNVD: CNNVD-202207-2091 // NVD: CVE-2022-32830

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-424919 // JVNDB: JVNDB-2022-020275 // NVD: CVE-2022-32830

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2091

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2091

PATCH

title:	HT213342 Apple Security update	url:	https://support.apple.com/en-us/HT213342	Trust: 0.8
title:	Apple iOS and iPadOS Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=228029	Trust: 0.6
title:	Apple: iOS 15.6 and iPadOS 15.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a	Trust: 0.1

sources: VULMON: CVE-2022-32830 // JVNDB: JVNDB-2022-020275 // CNNVD: CNNVD-202207-2091

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32830	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-020275	Trust: 0.8
db:	CNNVD	id:	CNNVD-202207-2091	Trust: 0.7
db:	CS-HELP	id:	SB2022072107	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3558	Trust: 0.6
db:	VULHUB	id:	VHN-424919	Trust: 0.1
db:	VULMON	id:	CVE-2022-32830	Trust: 0.1

sources: VULHUB: VHN-424919 // VULMON: CVE-2022-32830 // JVNDB: JVNDB-2022-020275 // CNNVD: CNNVD-202207-2091 // NVD: CVE-2022-32830

REFERENCES

url:	https://support.apple.com/en-us/ht213346	Trust: 2.3
url:	https://support.apple.com/en-us/ht213342	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32830	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.3558	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32830/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38878	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072107	Trust: 0.6
url:	https://support.apple.com/kb/ht213346	Trust: 0.1

sources: VULHUB: VHN-424919 // VULMON: CVE-2022-32830 // JVNDB: JVNDB-2022-020275 // CNNVD: CNNVD-202207-2091 // NVD: CVE-2022-32830

SOURCES

db:	VULHUB	id:	VHN-424919
db:	VULMON	id:	CVE-2022-32830
db:	JVNDB	id:	JVNDB-2022-020275
db:	CNNVD	id:	CNNVD-202207-2091
db:	NVD	id:	CVE-2022-32830

LAST UPDATE DATE

2024-08-14T12:10:03.413000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424919	date:	2023-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-020275	date:	2023-11-01T01:20:00
db:	CNNVD	id:	CNNVD-202207-2091	date:	2023-03-08T00:00:00
db:	NVD	id:	CVE-2022-32830	date:	2023-03-07T20:38:01.120

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424919	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-020275	date:	2023-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202207-2091	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32830	date:	2023-02-27T20:15:11.730