CVE-2022-32908

CWE-787 — Out-of-bounds Write10 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 67.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Macos Apple Ipados +3 more

Timeline

PublishedSep 20

Latest updateOct 24

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5apple/macosunspecified — 11.7+2

▶NVDapple/macos11.0 — 11.7+1

▶NVDapple/ipados< 15.7

▶CVEListV5apple/iosunspecified — 16

▶NVDapple/tvos< 16.0

🔴Vulnerability Details

GHSA

GHSA-hjx6-46xp-4mxh: A memory corruption issue was addressed with improved input validation↗2022-09-21

▶

CVEList

CVE-2022-32908: A memory corruption issue was addressed with improved input validation↗2022-09-20

▶

📋Vendor Advisories

Apple

CVE-2022-32908: macOS Ventura 13↗2022-10-24

▶

Apple

CVE-2022-32908: tvOS 16↗2022-09-12

▶

Apple

CVE-2022-32908: iOS 15.7 and iPadOS 15.7↗2022-09-12

▶

Apple

CVE-2022-32908: watchOS 9↗2022-09-12

▶

Apple

CVE-2022-32908: macOS Monterey 12.6↗2022-09-12

▶