ID

VAR-202207-1507


CVE

CVE-2022-32823


TITLE

Initialization vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018225

DESCRIPTION

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information. iPadOS , iOS , Apple Mac OS X A number of Apple products have vulnerabilities related to initialization.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-32823 // JVNDB: JVNDB-2022-018225 // VULHUB: VHN-424912

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:8.7

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.5

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:eqversion:8.7

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018225 // NVD: CVE-2022-32823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32823
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-32823
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-2076
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-32823
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-32823
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018225 // CNNVD: CNNVD-202207-2076 // NVD: CVE-2022-32823

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.1

problemtype:Improper initialization (CWE-665) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-424912 // JVNDB: JVNDB-2022-018225 // NVD: CVE-2022-32823

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2076

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-2076

PATCH

title:HT213345 Apple  Security updateurl:https://support.apple.com/en-us/HT213340

Trust: 0.8

title:Multiple Apple product Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=209246

Trust: 0.6

title:Apple: macOS Big Sur 11.6.8url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=46307825e8223bef6aa99c76dff503a5

Trust: 0.1

title:Apple: iOS 15.6 and iPadOS 15.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a

Trust: 0.1

title:Apple: macOS Monterey 12.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4

Trust: 0.1

title:Apple: Security Update 2022-005 Catalinaurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063

Trust: 0.1

sources: VULMON: CVE-2022-32823 // JVNDB: JVNDB-2022-018225 // CNNVD: CNNVD-202207-2076

EXTERNAL IDS

db:NVDid:CVE-2022-32823

Trust: 3.4

db:JVNDBid:JVNDB-2022-018225

Trust: 0.8

db:AUSCERTid:ESB-2022.3563

Trust: 0.6

db:CS-HELPid:SB2022072107

Trust: 0.6

db:CNNVDid:CNNVD-202207-2076

Trust: 0.6

db:VULHUBid:VHN-424912

Trust: 0.1

db:VULMONid:CVE-2022-32823

Trust: 0.1

sources: VULHUB: VHN-424912 // VULMON: CVE-2022-32823 // JVNDB: JVNDB-2022-018225 // CNNVD: CNNVD-202207-2076 // NVD: CVE-2022-32823

REFERENCES

url:https://support.apple.com/en-us/ht213346

Trust: 2.3

url:https://support.apple.com/en-us/ht213340

Trust: 1.7

url:https://support.apple.com/en-us/ht213342

Trust: 1.7

url:https://support.apple.com/en-us/ht213343

Trust: 1.7

url:https://support.apple.com/en-us/ht213344

Trust: 1.7

url:https://support.apple.com/en-us/ht213345

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32823

Trust: 0.8

url:https://vigilance.fr/vulnerability/libxml2-memory-reading-38876

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3563

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072107

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32823/

Trust: 0.6

url:https://support.apple.com/kb/ht213344

Trust: 0.1

sources: VULHUB: VHN-424912 // VULMON: CVE-2022-32823 // JVNDB: JVNDB-2022-018225 // CNNVD: CNNVD-202207-2076 // NVD: CVE-2022-32823

SOURCES

db:VULHUBid:VHN-424912
db:VULMONid:CVE-2022-32823
db:JVNDBid:JVNDB-2022-018225
db:CNNVDid:CNNVD-202207-2076
db:NVDid:CVE-2022-32823

LAST UPDATE DATE

2024-08-14T13:01:11.621000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424912date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2022-018225date:2023-10-19T04:43:00
db:CNNVDid:CNNVD-202207-2076date:2022-09-28T00:00:00
db:NVDid:CVE-2022-32823date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-424912date:2022-09-23T00:00:00
db:JVNDBid:JVNDB-2022-018225date:2023-10-19T00:00:00
db:CNNVDid:CNNVD-202207-2076date:2022-07-20T00:00:00
db:NVDid:CVE-2022-32823date:2022-09-23T19:15:13.103