ID

VAR-202210-1626


CVE

CVE-2022-42829


TITLE

Freed memory usage vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022842

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. Apple's iPadOS, iOS, and macOS contain a vulnerability related to the use of freed memory. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-42829 // JVNDB: JVNDB-2022-022842 // VULHUB: VHN-439611

AFFECTED PRODUCTS

vendor: apple, model: ipados, scope: lt, version: 16.0

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 13.0

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 16.1

Trust: 1.0

vendor: Apple, model: ipados, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

vendor: Apple, model: macos, scope: eq, version: 13.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022842 // NVD: CVE-2022-42829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42829
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-42829
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-1652
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-42829
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-42829
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022842 // CNNVD: CNNVD-202210-1652 // NVD: CVE-2022-42829

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype: Use of freed memory (CWE-416) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-439611 // JVNDB: JVNDB-2022-022842 // NVD: CVE-2022-42829

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1652

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1652

PATCH

title: HT213488 Apple Security update, url: https://support.apple.com/en-us/HT213488

Trust: 0.8

title: Apple iOS and iPadOS Remediation of resource management error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213118

Trust: 0.6

sources: JVNDB: JVNDB-2022-022842 // CNNVD: CNNVD-202210-1652

EXTERNAL IDS

db: NVD, id: CVE-2022-42829

Trust: 3.3

db: JVNDB, id: JVNDB-2022-022842

Trust: 0.8

db: AUSCERT, id: ESB-2022.5303

Trust: 0.6

db: CNNVD, id: CNNVD-202210-1652

Trust: 0.6

db: VULHUB, id: VHN-439611

Trust: 0.1

sources: VULHUB: VHN-439611 // JVNDB: JVNDB-2022-022842 // CNNVD: CNNVD-202210-1652 // NVD: CVE-2022-42829

REFERENCES

url:https://support.apple.com/en-us/ht213489

Trust: 2.3

url:https://support.apple.com/en-us/ht213488

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-42829

Trust: 0.8

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-42829/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5303

Trust: 0.6

sources: VULHUB: VHN-439611 // JVNDB: JVNDB-2022-022842 // CNNVD: CNNVD-202210-1652 // NVD: CVE-2022-42829

SOURCES

db: VULHUB, id: VHN-439611
db: JVNDB, id: JVNDB-2022-022842
db: CNNVD, id: CNNVD-202210-1652
db: NVD, id: CVE-2022-42829

LAST UPDATE DATE

2024-08-14T13:19:00.112000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-439611, date: 2023-01-09T00:00:00
db: JVNDB, id: JVNDB-2022-022842, date: 2023-11-21T01:58:00
db: CNNVD, id: CNNVD-202210-1652, date: 2022-11-07T00:00:00
db: NVD, id: CVE-2022-42829, date: 2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db: VULHUB, id: VHN-439611, date: 2022-11-01T00:00:00
db: JVNDB, id: JVNDB-2022-022842, date: 2023-11-21T00:00:00
db: CNNVD, id: CNNVD-202210-1652, date: 2022-10-24T00:00:00
db: NVD, id: CVE-2022-42829, date: 2022-11-01T20:15:24.407