CVE-2022-42808 — Out-of-bounds Write in Apple Macos

CWE-787 — Out-of-bounds Write6 documents3 sources

Severity

9.8CRITICALNVD

EPSS

2.6%

top 14.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Tvos Apple Watchos +4 more

Timeline

PublishedNov 1

Latest updateNov 2

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages12 packages

▶Appleapple/macos_ventura13

▶CVEListV5apple/tvosunspecified — 16.1

▶NVDapple/tvos< 16.1

▶CVEListV5apple/macosunspecified — 13

▶NVDapple/macos< 13.0

🔴Vulnerability Details

GHSA

GHSA-pr54-qrpp-j9vj: An out-of-bounds write issue was addressed with improved bounds checking↗2022-11-02

▶

📋Vendor Advisories

Apple

CVE-2022-42808: macOS Ventura 13↗2022-10-24

▶

Apple

CVE-2022-42808: watchOS 9.1↗2022-10-24

▶

Apple

CVE-2022-42808: iOS 16.1 and iPadOS 16↗2022-10-24

▶

Apple

CVE-2022-42808: tvOS 16.1↗2022-10-24

▶