CVE-2022-26711

CWE-190Integer Overflow8 documents4 sources
Severity
9.8CRITICAL
EPSS
2.2%
top 15.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple WatchosApple IpadosApple Iphone OS+3 more
Timeline
PublishedMay 26
Latest updateMay 27

Description

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

NVDapple/tvos< 15.5
NVDapple/macos12.0.012.4
NVDapple/ipados< 15.5
NVDapple/itunes< 12.12.4
CVEListV5apple/watchosunspecified8.6+3

🔴Vulnerability Details

2
GHSA
GHSA-wj68-2jqr-2ghf: An integer overflow issue was addressed with improved input validation2022-05-27
CVEList
CVE-2022-26711: An integer overflow issue was addressed with improved input validation2022-05-26

📋Vendor Advisories

5
Apple
CVE-2022-26711: iTunes 12.12.4 for Windows2022-05-18
Apple
CVE-2022-26711: iOS 15.5 and iPadOS 15.52022-05-16
Apple
CVE-2022-26711: macOS Monterey 12.42022-05-16
Apple
CVE-2022-26711: watchOS 8.62022-05-16
Apple
CVE-2022-26711: tvOS 15.52022-05-16
CVE-2022-26711 (CRITICAL CVSS 9.8) | An integer overflow issue was addre | cvebase.io