CVE-2022-42837 — Improper Input Validation in Apple Macos

CWE-20 — Improper Input Validation8 documents4 sources

Severity

9.8CRITICALNVD

EPSS

5.9%

top 9.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Watchos Apple Ipados +5 more

Timeline

PublishedDec 15

Description

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages11 packages

▶NVDapple/ipados15.0 — 15.7.2+1

▶Appleapple/macos_ventura13.1

▶Appleapple/ios_16.2_and_ipados16.2

▶Appleapple/ios_15.7.2_and_ipados15.7.2

▶CVEListV5apple/macosunspecified — 13.1+2

🔴Vulnerability Details

GHSA

GHSA-qg7p-gqjj-g2r8: An issue existed in the parsing of URLs↗2022-12-15

▶

VulnCheck

iOS and iPadOS, macOS Ventura, iOS and iPadOS, and watchOS 9.2 URL Parsing Vulnerability↗2022

▶

📋Vendor Advisories

Apple

CVE-2022-42837: iOS 15.7.2 and iPadOS 15.7.2↗2022-12-13

▶

Apple

CVE-2022-42837: iOS 16.2 and iPadOS 16.2↗2022-12-13

▶

Apple

CVE-2022-42837: watchOS 9.2↗2022-12-13

▶

Apple

CVE-2022-42837: macOS Ventura 13.1↗2022-12-13

▶

Apple

CVE-2022-42837: tvOS16.2↗2022-12-13

▶