ID

VAR-202210-1624


CVE

CVE-2022-42827


TITLE

Apple iOS and iPadOS Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1651

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Trust: 0.99

sources: NVD: CVE-2022-42827 // VULHUB: VHN-439608

AFFECTED PRODUCTS

vendor: apple // model: macos // scope: lt // version: 12.6.1

Trust: 1.0

vendor: apple // model: iphone os // scope: lt // version: 15.7.1

Trust: 1.0

vendor: apple // model: watchos // scope: lt // version: 9.1

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 16.0

Trust: 1.0

vendor: apple // model: ipados // scope: lt // version: 15.7.1

Trust: 1.0

vendor: apple // model: tvos // scope: lt // version: 16.1

Trust: 1.0

sources: NVD: CVE-2022-42827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42827
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-1651
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-42827
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1651 // NVD: CVE-2022-42827

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-439608 // NVD: CVE-2022-42827

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1651

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1651

PATCH

title: Apple iOS and iPadOS Buffer error vulnerability fix // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=212970

Trust: 0.6

sources: CNNVD: CNNVD-202210-1651

EXTERNAL IDS

db: NVD // id: CVE-2022-42827

Trust: 1.7

db: AUSCERT // id: ESB-2022.5303

Trust: 0.6

db: AUSCERT // id: ESB-2022.5461

Trust: 0.6

db: CNNVD // id: CNNVD-202210-1651

Trust: 0.6

db: VULHUB // id: VHN-439608

Trust: 0.1

sources: VULHUB: VHN-439608 // CNNVD: CNNVD-202210-1651 // NVD: CVE-2022-42827

REFERENCES

url:https://support.apple.com/en-us/ht213489

Trust: 2.3

url:https://support.apple.com/en-us/ht213490

Trust: 2.3

url:https://www.auscert.org.au/bulletins/esb-2022.5461

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-42827/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5303

Trust: 0.6

sources: VULHUB: VHN-439608 // CNNVD: CNNVD-202210-1651 // NVD: CVE-2022-42827

SOURCES

db: VULHUB // id: VHN-439608
db: CNNVD // id: CNNVD-202210-1651
db: NVD // id: CVE-2022-42827

LAST UPDATE DATE

2024-08-14T13:04:29.100000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-439608 // date: 2022-11-03T00:00:00
db: CNNVD // id: CNNVD-202210-1651 // date: 2022-11-04T00:00:00
db: NVD // id: CVE-2022-42827 // date: 2022-11-03T13:33:54.017

SOURCES RELEASE DATE

db: VULHUB // id: VHN-439608 // date: 2022-11-01T00:00:00
db: CNNVD // id: CNNVD-202210-1651 // date: 2022-10-24T00:00:00
db: NVD // id: CVE-2022-42827 // date: 2022-11-01T20:15:24.333