Details of VAR-202211-1822

ID

VAR-202211-1822

CVE

CVE-2022-32948

TITLE

Out-of-bounds read vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023662

DESCRIPTION

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , macOS Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-32948 // JVNDB: JVNDB-2022-023662 // VULHUB: VHN-425037

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.0.0 that's all 12.5	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023662 // NVD: CVE-2022-32948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32948
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32948
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-3343
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32948
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32948
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023662 // CNNVD: CNNVD-202212-3343 // NVD: CVE-2022-32948

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-425037 // JVNDB: JVNDB-2022-023662 // NVD: CVE-2022-32948

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3343

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3343

PATCH

title:	HT213345 Apple Security update	url:	https://support.apple.com/en-us/HT213345	Trust: 0.8
title:	Apple macOS Monterey Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218517	Trust: 0.6
title:	-	url:	https://github.com/0x36/weightBufs	Trust: 0.1

sources: VULMON: CVE-2022-32948 // JVNDB: JVNDB-2022-023662 // CNNVD: CNNVD-202212-3343

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32948	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-023662	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3343	Trust: 0.6
db:	VULHUB	id:	VHN-425037	Trust: 0.1
db:	VULMON	id:	CVE-2022-32948	Trust: 0.1

sources: VULHUB: VHN-425037 // VULMON: CVE-2022-32948 // JVNDB: JVNDB-2022-023662 // CNNVD: CNNVD-202212-3343 // NVD: CVE-2022-32948

REFERENCES

url:	https://support.apple.com/en-us/ht213345	Trust: 1.7
url:	https://support.apple.com/en-us/ht213346	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32948	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-32948/	Trust: 0.6
url:	https://github.com/0x36/weightbufs	Trust: 0.1

sources: VULHUB: VHN-425037 // VULMON: CVE-2022-32948 // JVNDB: JVNDB-2022-023662 // CNNVD: CNNVD-202212-3343 // NVD: CVE-2022-32948

SOURCES

db:	VULHUB	id:	VHN-425037
db:	VULMON	id:	CVE-2022-32948
db:	JVNDB	id:	JVNDB-2022-023662
db:	CNNVD	id:	CNNVD-202212-3343
db:	NVD	id:	CVE-2022-32948

LAST UPDATE DATE

2024-08-14T15:37:18.417000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-425037	date:	2022-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-023662	date:	2023-11-29T05:57:00
db:	CNNVD	id:	CNNVD-202212-3343	date:	2022-12-21T00:00:00
db:	NVD	id:	CVE-2022-32948	date:	2022-12-20T13:44:43.783

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-425037	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023662	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3343	date:	2022-12-15T00:00:00
db:	NVD	id:	CVE-2022-32948	date:	2022-12-15T19:15:18.203