CVE-2022-22677
published 2022-11-01
CVE-2022-22677: A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS…
Priority P4 · 18 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.63% (45.9th percentile)
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.5_and_ipados | — | — |
| apple | ipados | < 15.5 | 15.5 |
| apple | iphone_os | < 15.5 | 15.5 |
| apple | macos | >= 12.0.0 < 12.4 | 12.4 |
| apple | macos | >= unspecified < 12.4 | 12.4 |
| apple | macos | >= unspecified < 15.5 | 15.5 |
| apple | macos_monterey | — | — |
| debian | webkit2gtk | < webkit2gtk 2.36.4-1 (bookworm) | webkit2gtk 2.36.4-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.36.4-1 (bookworm) | webkit2gtk 2.36.4-1 (bookworm) |
CVSS provenance
nvd · v3.1 · 4.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv · 4.3 · MEDIUM
vendor_debian · 4.3 · MEDIUM
vendor_redhat · 4.3 · MEDIUM
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2022-07-18
CVE-2022-26710 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
Several security issues were discovered in WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a
remote attacker could exploit a variety of issues related to web browser
security, including cross-site scripting attacks, denial of service attacks,
and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: the video in a webRTC call may be interrupted if the audio capture gets interrupted
vendor_redhat·2022-07-05·CVSS 4.3
CVE-2022-22677 [MEDIUM] CWE-404 webkitgtk: the video in a webRTC call may be interrupted if the audio capture gets interrupted
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
A vulnerability was found in WebKitGTK. This issue occurs due to a logic issue in the video self-preview feature in a webRTC call, which can be interrupted if the user answers a phone call or the audio capture is interrupted. This flaw allows a remote attacker to perform a denial of service attack.
Statement: The vulnerability does not affect RHEL because WebRTC code is not included in any WebKitGTK releases thus far.
Package: webkitgtk (Red Hat En
Apple
CVE-2022-22677: iOS 15.5 and iPadOS 15.5
vendor_apple·2022-05-16·CVSS 4.3
CVE-2022-22677 [MEDIUM] CVE-2022-22677: iOS 15.5 and iPadOS 15.5
Apple Security Update: About the security content of iOS 15.5 and iPadOS 15.5
Product: iOS 15.5 and iPadOS
Version: 15.5
CVE: CVE-2022-22677
Component: WebRTC
Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call
Description: A logic issue in the handling of concurrent media was addressed with improved state handling.
Apple
CVE-2022-22677: macOS Monterey 12.4
vendor_apple·2022-05-16·CVSS 4.3
CVE-2022-22677 [MEDIUM] CVE-2022-22677: macOS Monterey 12.4
Apple Security Update: About the security content of macOS Monterey 12.4
Product: macOS Monterey
Version: 12.4
CVE: CVE-2022-22677
Component: WebRTC
Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call
Description: A logic issue in the handling of concurrent media was addressed with improved state handling.
Debian
CVE-2022-22677: webkit2gtk - A logic issue in the handling of concurrent media was addressed with improved st...
vendor_debian·2022·CVSS 4.3
CVE-2022-22677 [MEDIUM] CVE-2022-22677: webkit2gtk - A logic issue in the handling of concurrent media was addressed with improved st...
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
Scope: local
bookworm: resolved (fixed in 2.36.4-1)
bullseye: resolved (fixed in 2.36.4-1~deb11u1)
forky: resolved (fixed in 2.36.4-1)
sid: resolved (fixed in 2.36.4-1)
trixie: resolved (fixed in 2.36.4-1)
VulDB
Apple macOS up to 12.3 WebRTC denial of service (HT213257 / EUVD-2022-27822)
vuldb·2026-04-28·CVSS 4.3
CVE-2022-22677 [MEDIUM] Apple macOS up to 12.3 WebRTC denial of service (HT213257 / EUVD-2022-27822)
A vulnerability has been found in Apple macOS up to 12.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component WebRTC. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2022-22677. It is possible to initiate the attack remotely. There is no exploit available.
The affected component should be upgraded.
VulDB
Apple iOS/iPadOS up to 15.4.1 WebRTC state issue (HT213258 / EUVD-2022-27822)
vuldb·2026-04-28·CVSS 4.3
CVE-2022-22677 [MEDIUM] Apple iOS/iPadOS up to 15.4.1 WebRTC state issue (HT213258 / EUVD-2022-27822)
A vulnerability described as problematic has been identified in Apple iOS and iPadOS up to 15.4.1. Affected by this issue is some unknown functionality of the component WebRTC. The manipulation results in a state issue.
This vulnerability was named CVE-2022-22677. The attack may be performed remotely. There is no available exploit.
Upgrading the affected component is recommended.
GHSA
GHSA-q4jh-7c38-fcx6: A logic issue in the handling of concurrent media was addressed with improved state handling
ghsa_unreviewed·2022-11-02
CVE-2022-22677 [MEDIUM] GHSA-q4jh-7c38-fcx6: A logic issue in the handling of concurrent media was addressed with improved state handling
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
OSV
CVE-2022-22677: A logic issue in the handling of concurrent media was addressed with improved state handling
osv·2022-11-01·CVSS 4.3
CVE-2022-22677 [MEDIUM] CVE-2022-22677: A logic issue in the handling of concurrent media was addressed with improved state handling
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-11-01