Details of VAR-202210-2057

ID

VAR-202210-2057

CVE

CVE-2022-32925

TITLE

Apple tvOS Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-2600

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. Apple tvOS is a smart TV operating system developed by Apple (Apple). No detailed vulnerability details were provided at this time

Trust: 0.99

sources: NVD: CVE-2022-32925 // VULHUB: VHN-425014

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	16.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	9.0	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	16.0	Trust: 1.0

sources: NVD: CVE-2022-32925

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32925
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202210-2600
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32925
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202210-2600 // NVD: CVE-2022-32925

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-425014 // NVD: CVE-2022-32925

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-2600

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-2600

PATCH

title:

Apple tvOS Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=212883

Trust: 0.6

sources: CNNVD: CNNVD-202210-2600

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32925	Trust: 1.7
db:	AUSCERT	id:	ESB-2022.5473	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5462	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-2600	Trust: 0.6
db:	CNVD	id:	CNVD-2022-74081	Trust: 0.1
db:	VULHUB	id:	VHN-425014	Trust: 0.1

sources: VULHUB: VHN-425014 // CNNVD: CNNVD-202210-2600 // NVD: CVE-2022-32925

REFERENCES

url:	https://support.apple.com/en-us/ht213446	Trust: 1.7
url:	https://support.apple.com/en-us/ht213486	Trust: 1.7
url:	https://support.apple.com/en-us/ht213487	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-32925/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5462	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5473	Trust: 0.6

sources: VULHUB: VHN-425014 // CNNVD: CNNVD-202210-2600 // NVD: CVE-2022-32925

SOURCES

db:	VULHUB	id:	VHN-425014
db:	CNNVD	id:	CNNVD-202210-2600
db:	NVD	id:	CVE-2022-32925

LAST UPDATE DATE

2024-08-14T12:48:15.151000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-425014	date:	2022-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202210-2600	date:	2022-11-03T00:00:00
db:	NVD	id:	CVE-2022-32925	date:	2022-11-02T17:51:34.553

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-425014	date:	2022-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202210-2600	date:	2022-10-31T00:00:00
db:	NVD	id:	CVE-2022-32925	date:	2022-11-01T20:15:19.577