Details of VAR-202212-1423

ID

VAR-202212-1423

CVE

CVE-2022-32860

TITLE

Out-of-bounds write vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023666

DESCRIPTION

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-32860 // JVNDB: JVNDB-2022-023666 // VULHUB: VHN-424949 // VULMON: CVE-2022-32860

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.8	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.0.0 that's all 12.5	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	11.0 that's all 11.6.8	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023666 // NVD: CVE-2022-32860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32860
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32860
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-3336
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32860
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32860
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023666 // CNNVD: CNNVD-202212-3336 // NVD: CVE-2022-32860

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-424949 // JVNDB: JVNDB-2022-023666 // NVD: CVE-2022-32860

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3336

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3336

PATCH

title:	HT213345 Apple Security update	url:	https://support.apple.com/en-us/HT213344	Trust: 0.8
title:	Apple macOS Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218515	Trust: 0.6

sources: JVNDB: JVNDB-2022-023666 // CNNVD: CNNVD-202212-3336

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32860	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-023666	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3336	Trust: 0.6
db:	VULHUB	id:	VHN-424949	Trust: 0.1
db:	VULMON	id:	CVE-2022-32860	Trust: 0.1

sources: VULHUB: VHN-424949 // VULMON: CVE-2022-32860 // JVNDB: JVNDB-2022-023666 // CNNVD: CNNVD-202212-3336 // NVD: CVE-2022-32860

REFERENCES

url:	https://support.apple.com/en-us/ht213344	Trust: 1.8
url:	https://support.apple.com/en-us/ht213345	Trust: 1.8
url:	https://support.apple.com/en-us/ht213346	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32860	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-32860/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-424949 // VULMON: CVE-2022-32860 // JVNDB: JVNDB-2022-023666 // CNNVD: CNNVD-202212-3336 // NVD: CVE-2022-32860

SOURCES

db:	VULHUB	id:	VHN-424949
db:	VULMON	id:	CVE-2022-32860
db:	JVNDB	id:	JVNDB-2022-023666
db:	CNNVD	id:	CNNVD-202212-3336
db:	NVD	id:	CVE-2022-32860

LAST UPDATE DATE

2024-08-14T14:17:32.496000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424949	date:	2022-12-20T00:00:00
db:	VULMON	id:	CVE-2022-32860	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023666	date:	2023-11-29T06:13:00
db:	CNNVD	id:	CNNVD-202212-3336	date:	2022-12-21T00:00:00
db:	NVD	id:	CVE-2022-32860	date:	2022-12-20T15:06:46.257

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424949	date:	2022-12-15T00:00:00
db:	VULMON	id:	CVE-2022-32860	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023666	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3336	date:	2022-12-15T00:00:00
db:	NVD	id:	CVE-2022-32860	date:	2022-12-15T19:15:17.863