CVE-2022-32886Out-of-bounds Write in Apple IOS AND Ipados

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 24.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple IOSApple IOS AND IpadosApple Safari+4 more
Timeline
PublishedSep 20
Latest updateOct 24

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5apple/safariunspecified16
NVDapple/ipados< 15.7
NVDapple/safari< 16.0
CVEListV5apple/ios_and_ipadosunspecified15.7
CVEListV5apple/iosunspecified16

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36, 37

🔴Vulnerability Details

3
GHSA
GHSA-rm7v-mc66-6r49: A buffer overflow issue was addressed with improved memory handling2022-09-21
OSV
CVE-2022-32886: A buffer overflow issue was addressed with improved memory handling2022-09-20
CVEList
CVE-2022-32886: A buffer overflow issue was addressed with improved memory handling2022-09-20

📋Vendor Advisories

9
Apple
CVE-2022-32886: macOS Ventura 132022-10-24
Ubuntu
WebKitGTK vulnerabilities2022-09-26
Apple
CVE-2022-32886: iOS 162022-09-12
Apple
CVE-2022-32886: iOS 15.7 and iPadOS 15.72022-09-12
Apple
CVE-2022-32886: Safari 162022-09-12
CVE-2022-32886 — Out-of-bounds Write in Apple | cvebase