CVE-2022-32888
Published: 2022-11-01
Priority: P3 · 52 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.14% (62.8th percentile)
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | ios_15.7_and_ipados | — | — |
| apple | ipados | < 15.7 | 15.7 |
| apple | iphone_os | < 15.7 | 15.7 |
| apple | macos | >= 11.0 < 11.7 | 11.7 |
| apple | macos | >= 12.0.0 < 12.6 | 12.6 |
| apple | macos | >= unspecified < 13 | 13 |
| apple | macos | >= unspecified < 16 | 16 |
| apple | macos | >= unspecified < 11.7 | 11.7 |
| apple | macos | >= unspecified < 15.7 | 15.7 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| apple | tvos | < 16.0 | 16.0 |
| apple | tvos | — | — |
| apple | watchos | < 9.0 | 9.0 |
| apple | watchos | >= unspecified < 9 | 9 |
| apple | watchos | >= unspecified < 16 | 16 |
| apple | watchos | >= unspecified < 12.6 | 12.6 |
| apple | watchos_9 | — | — |
| debian | webkit2gtk | < webkit2gtk 2.38.0-1 (bookworm) | webkit2gtk 2.38.0-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.38.0-1 (bookworm) | webkit2gtk 2.38.0-1 (bookworm) |
CVSS provenance
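| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |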
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2022-11-17
CVE-2022-42823 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: out-of-bounds write issue was addressed with improved bounds checking
vendor_redhat·2022-10-31·CVSS 8.8
CVE-2022-32888 [HIGH] CWE-787 webkitgtk: out-of-bounds write issue was addressed with improved bounds checking
webkitgtk: out-of-bounds write issue was addressed with improved bounds checking
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
A vulnerability was found in webkitgtk, where an out-of-bounds read was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Apple
CVE-2022-32888: macOS Ventura 13
vendor_apple·2022-10-24·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: macOS Ventura 13
Apple Security Update: About the security content of macOS Ventura 13
Product: macOS Ventura
Version: 13
CVE: CVE-2022-32888
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32888: macOS Big Sur 11.7
vendor_apple·2022-09-12·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: macOS Big Sur 11.7
Apple Security Update: About the security content of macOS Big Sur 11.7
Product: macOS Big Sur
Version: 11.7
CVE: CVE-2022-32888
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32888: macOS Monterey 12.6
vendor_apple·2022-09-12·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: macOS Monterey 12.6
Apple Security Update: About the security content of macOS Monterey 12.6
Product: macOS Monterey
Version: 12.6
CVE: CVE-2022-32888
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32888: iOS 16
vendor_apple·2022-09-12·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32888
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32888: iOS 15.7 and iPadOS 15.7
vendor_apple·2022-09-12·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: iOS 15.7 and iPadOS 15.7
Apple Security Update: About the security content of iOS 15.7 and iPadOS 15.7
Product: iOS 15.7 and iPadOS
Version: 15.7
CVE: CVE-2022-32888
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32888: watchOS 9
vendor_apple·2022-09-12·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: watchOS 9
Apple Security Update: About the security content of watchOS 9
Product: watchOS 9
CVE: CVE-2022-32888
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32888: tvOS 16
vendor_apple·2022-09-12·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: tvOS 16
Apple Security Update: About the security content of tvOS 16
Product: tvOS
Version: 16
CVE: CVE-2022-32888
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Debian
CVE-2022-32888: webkit2gtk - An out-of-bounds write issue was addressed with improved bounds checking. This i...
vendor_debian·2022·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: webkit2gtk - An out-of-bounds write issue was addressed with improved bounds checking. This i...
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.38.0-1)
bullseye: resolved (fixed in 2.38.0-1~deb11u1)
forky: resolved (fixed in 2.38.0-1)
sid: resolved (fixed in 2.38.0-1)
trixie: resolved (fixed in 2.38.0-1)
GHSA
GHSA-c3gw-7267-x4wq: An out-of-bounds write issue was addressed with improved bounds checking
ghsa_unreviewed·2022-11-02
CVE-2022-32888 [HIGH] CWE-787 GHSA-c3gw-7267-x4wq: An out-of-bounds write issue was addressed with improved bounds checking
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
OSV
CVE-2022-32888: An out-of-bounds write issue was addressed with improved bounds checking
osv·2022-11-01·CVSS 8.8
CVE-2022-32888 [HIGH] CVE-2022-32888: An out-of-bounds write issue was addressed with improved bounds checking
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2022/11/04/4
https://security.gentoo.org/glsa/202305-32
https://support.apple.com/en-us/HT213443
https://support.apple.com/en-us/HT213444
https://support.apple.com/en-us/HT213445
https://support.apple.com/en-us/HT213446
https://support.apple.com/en-us/HT213486
https://support.apple.com/en-us/HT213487
https://support.apple.com/en-us/HT213488