Details of VAR-202211-1704

ID

VAR-202211-1704

CVE

CVE-2022-42805

TITLE

Integer overflow vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023661

DESCRIPTION

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , macOS Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-42805 // JVNDB: JVNDB-2022-023661 // VULHUB: VHN-439590

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.0.0 that's all 12.5	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023661 // NVD: CVE-2022-42805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-42805
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-42805
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-3344
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-42805
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-42805
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023661 // CNNVD: CNNVD-202212-3344 // NVD: CVE-2022-42805

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-439590 // JVNDB: JVNDB-2022-023661 // NVD: CVE-2022-42805

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3344

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3344

PATCH

title:	HT213345 Apple Security update	url:	https://support.apple.com/en-us/HT213345	Trust: 0.8
title:	Apple iOS Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218518	Trust: 0.6
title:	-	url:	https://github.com/0x36/weightBufs	Trust: 0.1

sources: VULMON: CVE-2022-42805 // JVNDB: JVNDB-2022-023661 // CNNVD: CNNVD-202212-3344

EXTERNAL IDS

db:	NVD	id:	CVE-2022-42805	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-023661	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3344	Trust: 0.6
db:	VULHUB	id:	VHN-439590	Trust: 0.1
db:	VULMON	id:	CVE-2022-42805	Trust: 0.1

sources: VULHUB: VHN-439590 // VULMON: CVE-2022-42805 // JVNDB: JVNDB-2022-023661 // CNNVD: CNNVD-202212-3344 // NVD: CVE-2022-42805

REFERENCES

url:	https://support.apple.com/en-us/ht213345	Trust: 1.7
url:	https://support.apple.com/en-us/ht213346	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42805	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-42805/	Trust: 0.6
url:	https://github.com/0x36/weightbufs	Trust: 0.1

sources: VULHUB: VHN-439590 // VULMON: CVE-2022-42805 // JVNDB: JVNDB-2022-023661 // CNNVD: CNNVD-202212-3344 // NVD: CVE-2022-42805

SOURCES

db:	VULHUB	id:	VHN-439590
db:	VULMON	id:	CVE-2022-42805
db:	JVNDB	id:	JVNDB-2022-023661
db:	CNNVD	id:	CNNVD-202212-3344
db:	NVD	id:	CVE-2022-42805

LAST UPDATE DATE

2024-08-14T14:17:34.054000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-439590	date:	2022-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-023661	date:	2023-11-29T05:53:00
db:	CNNVD	id:	CNNVD-202212-3344	date:	2022-12-21T00:00:00
db:	NVD	id:	CVE-2022-42805	date:	2022-12-20T02:27:31.080

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-439590	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023661	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3344	date:	2022-12-15T00:00:00
db:	NVD	id:	CVE-2022-42805	date:	2022-12-15T19:15:22.843