ID

VAR-202209-1490


CVE

CVE-2022-32863


TITLE

Out-of-bounds write vulnerability in Apple's Safari and macOS

Trust: 0.8

sources: JVNDB: JVNDB-2022-018937

DESCRIPTION

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution. An out-of-bounds write vulnerability exists in Apple's Safari and macOS. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-32863 // JVNDB: JVNDB-2022-018937 // VULHUB: VHN-424952

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: lt, version: 15.6

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 12.0.0

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 12.5

Trust: 1.0

vendor: Apple, model: safari, scope: -, version: -

Trust: 0.8

vendor: Apple, model: macos, scope: eq, version: 12.0.0 or later, before 12.5

Trust: 0.8

sources: JVNDB: JVNDB-2022-018937 // NVD: CVE-2022-32863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32863
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-32863
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202209-1604
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-32863
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-32863
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018937 // CNNVD: CNNVD-202209-1604 // NVD: CVE-2022-32863

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-424952 // JVNDB: JVNDB-2022-018937 // NVD: CVE-2022-32863

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-1604

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202209-1604

PATCH

title: HT213345 Apple Security update
url: https://support.apple.com/en-us/HT213341

Trust: 0.8

title: Apple macOS Monterey Safari Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=208798

Trust: 0.6

sources: JVNDB: JVNDB-2022-018937 // CNNVD: CNNVD-202209-1604

EXTERNAL IDS

db: NVD, id: CVE-2022-32863

Trust: 3.3

db: JVNDB, id: JVNDB-2022-018937

Trust: 0.8

db: CNNVD, id: CNNVD-202209-1604

Trust: 0.6

db: VULHUB, id: VHN-424952

Trust: 0.1

sources: VULHUB: VHN-424952 // JVNDB: JVNDB-2022-018937 // CNNVD: CNNVD-202209-1604 // NVD: CVE-2022-32863

REFERENCES

url:https://support.apple.com/en-us/ht213341

Trust: 1.7

url:https://support.apple.com/en-us/ht213345

Trust: 1.7

url:https://support.apple.com/kb/ht213346

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-32863

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-32863/

Trust: 0.6

sources: VULHUB: VHN-424952 // JVNDB: JVNDB-2022-018937 // CNNVD: CNNVD-202209-1604 // NVD: CVE-2022-32863

SOURCES

db: VULHUB, id: VHN-424952
db: JVNDB, id: JVNDB-2022-018937
db: CNNVD, id: CNNVD-202209-1604
db: NVD, id: CVE-2022-32863

LAST UPDATE DATE

2024-08-14T14:55:15.687000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-424952, date: 2022-09-22T00:00:00
db: JVNDB, id: JVNDB-2022-018937, date: 2023-10-24T01:47:00
db: CNNVD, id: CNNVD-202209-1604, date: 2022-09-23T00:00:00
db: NVD, id: CVE-2022-32863, date: 2023-03-17T02:15:47.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-424952, date: 2022-09-20T00:00:00
db: JVNDB, id: JVNDB-2022-018937, date: 2023-10-24T00:00:00
db: CNNVD, id: CNNVD-202209-1604, date: 2022-09-20T00:00:00
db: NVD, id: CVE-2022-32863, date: 2022-09-20T21:15:10.747