Details of VAR-202212-1488

ID

VAR-202212-1488

CVE

CVE-2022-46693

TITLE

Out-of-bounds write vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023593

DESCRIPTION

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution. iCloud , iPadOS , iOS Multiple Apple products have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-46693 // JVNDB: JVNDB-2022-023593 // VULHUB: VHN-447267 // VULMON: CVE-2022-46693

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	13.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	14.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	9.2	Trust: 1.0
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	9.2	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	icloud	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023593 // NVD: CVE-2022-46693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-46693
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-46693
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-3028
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-46693
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-46693
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023593 // CNNVD: CNNVD-202212-3028 // NVD: CVE-2022-46693

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-447267 // JVNDB: JVNDB-2022-023593 // NVD: CVE-2022-46693

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3028

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3028

PATCH

title:

HT213536 Apple Security update

url:

https://support.apple.com/en-us/HT213530

Trust: 0.8

sources: JVNDB: JVNDB-2022-023593

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46693	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-023593	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3028	Trust: 0.6
db:	VULHUB	id:	VHN-447267	Trust: 0.1
db:	VULMON	id:	CVE-2022-46693	Trust: 0.1

sources: VULHUB: VHN-447267 // VULMON: CVE-2022-46693 // JVNDB: JVNDB-2022-023593 // CNNVD: CNNVD-202212-3028 // NVD: CVE-2022-46693

REFERENCES

url:	http://seclists.org/fulldisclosure/2022/dec/20	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2022/dec/23	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2022/dec/26	Trust: 2.5
url:	https://support.apple.com/en-us/ht213536	Trust: 2.4
url:	http://seclists.org/fulldisclosure/2022/dec/27	Trust: 1.9
url:	https://support.apple.com/en-us/ht213530	Trust: 1.8
url:	https://support.apple.com/en-us/ht213532	Trust: 1.8
url:	https://support.apple.com/en-us/ht213535	Trust: 1.8
url:	https://support.apple.com/en-us/ht213538	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46693	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-of-december-2022-40105	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-46693/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-447267 // VULMON: CVE-2022-46693 // JVNDB: JVNDB-2022-023593 // CNNVD: CNNVD-202212-3028 // NVD: CVE-2022-46693

SOURCES

db:	VULHUB	id:	VHN-447267
db:	VULMON	id:	CVE-2022-46693
db:	JVNDB	id:	JVNDB-2022-023593
db:	CNNVD	id:	CNNVD-202212-3028
db:	NVD	id:	CVE-2022-46693

LAST UPDATE DATE

2024-08-14T14:17:32.402000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-447267	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2022-46693	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023593	date:	2023-11-29T03:22:00
db:	CNNVD	id:	CNNVD-202212-3028	date:	2023-01-03T00:00:00
db:	NVD	id:	CVE-2022-46693	date:	2023-11-07T03:55:49.330

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-447267	date:	2022-12-15T00:00:00
db:	VULMON	id:	CVE-2022-46693	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023593	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3028	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-46693	date:	2022-12-15T19:15:26.287