CVE-2022-22582

CWE-596 documents4 sources

Severity

5.5MEDIUM

EPSS

2.6%

top 14.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple MAC OS X

Timeline

PublishedFeb 27

Description

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5apple/macosunspecified — 12.3+2

▶NVDapple/macos11.0 — 11.6.5+1

▶NVDapple/mac_os_x10.15.7

🔴Vulnerability Details

GHSA

GHSA-4r4v-x4wj-59wx: A validation issue existed in the handling of symlinks↗2023-02-27

▶

CVEList

CVE-2022-22582: A validation issue existed in the handling of symlinks↗2023-02-27

▶

📋Vendor Advisories

Apple

CVE-2022-22582: macOS Big Sur 11.6.5↗2022-03-14

▶

Apple

CVE-2022-22582: Security Update 2022-003 Catalina↗2022-03-14

▶

Apple

CVE-2022-22582: macOS Monterey 12.3↗2022-03-14

▶