ID

VAR-202212-1423


CVE

CVE-2022-32860


TITLE

Out-of-bounds write vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023666

DESCRIPTION

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges. Apple's iPadOS, iOS, and macOS contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2022-32860 // JVNDB: JVNDB-2022-023666 // VULHUB: VHN-424949 // VULMON: CVE-2022-32860

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: gte, version: 12.0.0

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 15.6

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.6.8

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 11.0

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 15.6

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 12.5

Trust: 1.0

vendor: Apple, model: macos, scope: eq, version: 12.0.0 or later and less than 12.5

Trust: 0.8

vendor: Apple, model: macos, scope: eq, version: 11.0 or later and less than 11.6.8

Trust: 0.8

vendor: Apple, model: ipados, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023666 // NVD: CVE-2022-32860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32860
value: HIGH

Trust: 1.0

NVD: CVE-2022-32860
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-3336
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32860
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-32860
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023666 // CNNVD: CNNVD-202212-3336 // NVD: CVE-2022-32860

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-424949 // JVNDB: JVNDB-2022-023666 // NVD: CVE-2022-32860

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3336

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3336

PATCH

title: HT213345 Apple Security update, url: https://support.apple.com/en-us/HT213344

Trust: 0.8

title: Apple macOS Buffer error vulnerability fix, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=218515

Trust: 0.6

sources: JVNDB: JVNDB-2022-023666 // CNNVD: CNNVD-202212-3336

EXTERNAL IDS

db: NVD, id: CVE-2022-32860

Trust: 3.4

db: JVNDB, id: JVNDB-2022-023666

Trust: 0.8

db: CNNVD, id: CNNVD-202212-3336

Trust: 0.6

db: VULHUB, id: VHN-424949

Trust: 0.1

db: VULMON, id: CVE-2022-32860

Trust: 0.1

sources: VULHUB: VHN-424949 // VULMON: CVE-2022-32860 // JVNDB: JVNDB-2022-023666 // CNNVD: CNNVD-202212-3336 // NVD: CVE-2022-32860

REFERENCES

url:https://support.apple.com/en-us/ht213344

Trust: 1.8

url:https://support.apple.com/en-us/ht213345

Trust: 1.8

url:https://support.apple.com/en-us/ht213346

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-32860

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-32860/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-424949 // VULMON: CVE-2022-32860 // JVNDB: JVNDB-2022-023666 // CNNVD: CNNVD-202212-3336 // NVD: CVE-2022-32860

SOURCES

db: VULHUB, id: VHN-424949
db: VULMON, id: CVE-2022-32860
db: JVNDB, id: JVNDB-2022-023666
db: CNNVD, id: CNNVD-202212-3336
db: NVD, id: CVE-2022-32860

LAST UPDATE DATE

2024-08-14T14:17:32.496000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-424949, date: 2022-12-20T00:00:00
db: VULMON, id: CVE-2022-32860, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-023666, date: 2023-11-29T06:13:00
db: CNNVD, id: CNNVD-202212-3336, date: 2022-12-21T00:00:00
db: NVD, id: CVE-2022-32860, date: 2022-12-20T15:06:46.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-424949, date: 2022-12-15T00:00:00
db: VULMON, id: CVE-2022-32860, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-023666, date: 2023-11-29T00:00:00
db: CNNVD, id: CNNVD-202212-3336, date: 2022-12-15T00:00:00
db: NVD, id: CVE-2022-32860, date: 2022-12-15T19:15:17.863