CVE-2022-32938 — Path Traversal in Apple Macos

CWE-22 — Path Traversal4 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 47.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Ipados Apple Iphone OS +2 more

Timeline

PublishedNov 1

Latest updateNov 2

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶Appleapple/macos_ventura13

▶CVEListV5apple/macosunspecified — 13+1

▶NVDapple/macos< 13.0

▶NVDapple/ipados< 16.0

▶Appleapple/ios_16.1_and_ipados16

🔴Vulnerability Details

GHSA

GHSA-r3x3-pfq4-cvw2: A parsing issue in the handling of directory paths was addressed with improved path validation↗2022-11-02

▶

📋Vendor Advisories

Apple

CVE-2022-32938: iOS 16.1 and iPadOS 16↗2022-10-24

▶

Apple

CVE-2022-32938: macOS Ventura 13↗2022-10-24

▶