CVE-2022-22593 — Classic Buffer Overflow in Apple IOS AND Ipados

CWE-120 — Classic Buffer Overflow9 documents4 sources

Severity

7.8HIGHNVD

EPSS

1.7%

top 17.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +4 more

Timeline

PublishedMar 18

Latest updateMar 19

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5apple/macosunspecified — 12.2+2

▶NVDapple/macos11.0 — 11.6.3+1

▶NVDapple/mac_os_x< 10.15.7+1

▶CVEListV5apple/tvosunspecified — 15.3

▶NVDapple/tvos< 15.3

🔴Vulnerability Details

GHSA

GHSA-85p9-rg6j-hvqw: A buffer overflow issue was addressed with improved memory handling↗2022-03-19

▶

CVEList

CVE-2022-22593: A buffer overflow issue was addressed with improved memory handling↗2022-03-18

▶

📋Vendor Advisories

Apple

CVE-2022-22593: tvOS 15.3↗2022-01-26

▶

Apple

CVE-2022-22593: iOS 15.3 and iPadOS 15.3↗2022-01-26

▶

Apple

CVE-2022-22593: macOS Big Sur 11.6.3↗2022-01-26

▶

Apple

CVE-2022-22593: watchOS 8.4↗2022-01-26

▶

Apple

CVE-2022-22593: macOS Monterey 12.2↗2022-01-26

▶