Details of VAR-202210-1467

ID

VAR-202210-1467

CVE

CVE-2022-32895

TITLE

apple's macOS Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-022780

DESCRIPTION

A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. apple's macOS There is a race condition vulnerability in.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-32895 // JVNDB: JVNDB-2022-022780 // VULHUB: VHN-424984

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	13.0	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	13.0	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-022780 // NVD: CVE-2022-32895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32895
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-32895
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202210-1625
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-32895
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.0
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32895
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-022780 // CNNVD: CNNVD-202210-1625 // NVD: CVE-2022-32895

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.1
problemtype:	Race condition (CWE-362) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-424984 // JVNDB: JVNDB-2022-022780 // NVD: CVE-2022-32895

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1625

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202210-1625

PATCH

title:	HT213488 Apple Security update	url:	https://support.apple.com/en-us/HT213488	Trust: 0.8
title:	Apple macOS Repair measures for the competition condition problem loophole	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=212967	Trust: 0.6

sources: JVNDB: JVNDB-2022-022780 // CNNVD: CNNVD-202210-1625

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32895	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-022780	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.5300	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-1625	Trust: 0.6
db:	VULHUB	id:	VHN-424984	Trust: 0.1

sources: VULHUB: VHN-424984 // JVNDB: JVNDB-2022-022780 // CNNVD: CNNVD-202210-1625 // NVD: CVE-2022-32895

REFERENCES

url:	https://support.apple.com/en-us/ht213488	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32895	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.5300	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32895/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702	Trust: 0.6

sources: VULHUB: VHN-424984 // JVNDB: JVNDB-2022-022780 // CNNVD: CNNVD-202210-1625 // NVD: CVE-2022-32895

SOURCES

db:	VULHUB	id:	VHN-424984
db:	JVNDB	id:	JVNDB-2022-022780
db:	CNNVD	id:	CNNVD-202210-1625
db:	NVD	id:	CVE-2022-32895

LAST UPDATE DATE

2024-08-14T12:45:14.501000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424984	date:	2022-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-022780	date:	2023-11-21T00:39:00
db:	CNNVD	id:	CNNVD-202210-1625	date:	2022-11-04T00:00:00
db:	NVD	id:	CVE-2022-32895	date:	2022-11-03T14:38:33.867

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424984	date:	2022-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-022780	date:	2023-11-21T00:00:00
db:	CNNVD	id:	CNNVD-202210-1625	date:	2022-10-24T00:00:00
db:	NVD	id:	CVE-2022-32895	date:	2022-11-01T20:15:18.827