CVE-2022-22638 — NULL Pointer Dereference in Apple IOS AND Ipados

CWE-476 — NULL Pointer Dereference9 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 22.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +4 more

Timeline

PublishedMar 18

Latest updateMar 19

Description

A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages10 packages

▶CVEListV5apple/macosunspecified — 12.3+2

▶NVDapple/macos11.6 — 11.6.5+2

▶NVDapple/mac_os_x10.15 — 10.15.7+1

▶CVEListV5apple/tvosunspecified — 15.4

▶NVDapple/tvos< 15.4

🔴Vulnerability Details

GHSA

GHSA-99mr-5r92-ggx5: A null pointer dereference was addressed with improved validation↗2022-03-19

▶

CVEList

CVE-2022-22638: A null pointer dereference was addressed with improved validation↗2022-03-18

▶

📋Vendor Advisories

Apple

CVE-2022-22638: iOS 15.4 and iPadOS 15.4↗2022-03-14

▶

Apple

CVE-2022-22638: macOS Big Sur 11.6.5↗2022-03-14

▶

Apple

CVE-2022-22638: Security Update 2022-003 Catalina↗2022-03-14

▶

Apple

CVE-2022-22638: macOS Monterey 12.3↗2022-03-14

▶

Apple

CVE-2022-22638: tvOS 15.4↗2022-03-14

▶