ID

VAR-202212-1488


CVE

CVE-2022-46693


TITLE

Out-of-bounds write vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023593

DESCRIPTION

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution. Multiple Apple products, including iCloud, iPadOS, and iOS, have an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2022-46693 // JVNDB: JVNDB-2022-023593 // VULHUB: VHN-447267 // VULMON: CVE-2022-46693

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 16.2

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 16.2

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 16.2

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 13.1

Trust: 1.0

vendor: apple, model: icloud, scope: lt, version: 14.1

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 9.2

Trust: 1.0

vendor: Apple, model: tvos, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ipados, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

vendor: Apple, model: watchos, scope: eq, version: 9.2

Trust: 0.8

vendor: Apple, model: macos, scope: -, version: -

Trust: 0.8

vendor: Apple, model: icloud, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023593 // NVD: CVE-2022-46693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-46693
value: HIGH

Trust: 1.0

NVD: CVE-2022-46693
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-3028
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-46693
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-46693
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023593 // CNNVD: CNNVD-202212-3028 // NVD: CVE-2022-46693

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-447267 // JVNDB: JVNDB-2022-023593 // NVD: CVE-2022-46693

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3028

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3028

PATCH

title: HT213536 Apple Security update, url: https://support.apple.com/en-us/HT213530

Trust: 0.8

sources: JVNDB: JVNDB-2022-023593

EXTERNAL IDS

db: NVD, id: CVE-2022-46693

Trust: 3.4

db: JVNDB, id: JVNDB-2022-023593

Trust: 0.8

db: CNNVD, id: CNNVD-202212-3028

Trust: 0.6

db: VULHUB, id: VHN-447267

Trust: 0.1

db: VULMON, id: CVE-2022-46693

Trust: 0.1

sources: VULHUB: VHN-447267 // VULMON: CVE-2022-46693 // JVNDB: JVNDB-2022-023593 // CNNVD: CNNVD-202212-3028 // NVD: CVE-2022-46693

REFERENCES

url:http://seclists.org/fulldisclosure/2022/dec/20

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/23

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/26

Trust: 2.5

url:https://support.apple.com/en-us/ht213536

Trust: 2.4

url:http://seclists.org/fulldisclosure/2022/dec/27

Trust: 1.9

url:https://support.apple.com/en-us/ht213530

Trust: 1.8

url:https://support.apple.com/en-us/ht213532

Trust: 1.8

url:https://support.apple.com/en-us/ht213535

Trust: 1.8

url:https://support.apple.com/en-us/ht213538

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-46693

Trust: 0.8

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-of-december-2022-40105

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-46693/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-447267 // VULMON: CVE-2022-46693 // JVNDB: JVNDB-2022-023593 // CNNVD: CNNVD-202212-3028 // NVD: CVE-2022-46693

SOURCES

db: VULHUB, id: VHN-447267
db: VULMON, id: CVE-2022-46693
db: JVNDB, id: JVNDB-2022-023593
db: CNNVD, id: CNNVD-202212-3028
db: NVD, id: CVE-2022-46693

LAST UPDATE DATE

2024-08-14T14:17:32.402000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-447267, date: 2023-01-09T00:00:00
db: VULMON, id: CVE-2022-46693, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-023593, date: 2023-11-29T03:22:00
db: CNNVD, id: CNNVD-202212-3028, date: 2023-01-03T00:00:00
db: NVD, id: CVE-2022-46693, date: 2023-11-07T03:55:49.330

SOURCES RELEASE DATE

db: VULHUB, id: VHN-447267, date: 2022-12-15T00:00:00
db: VULMON, id: CVE-2022-46693, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-023593, date: 2023-11-29T00:00:00
db: CNNVD, id: CNNVD-202212-3028, date: 2022-12-13T00:00:00
db: NVD, id: CVE-2022-46693, date: 2022-12-15T19:15:26.287