Vulnerability-Lookup

CVE-2022-1381 (GCVE-0-2022-1381)

Vulnerability from cvelistv5 – Published: 2022-04-17 00:00 – Updated: 2024-08-03 00:03

Title

global heap buffer overflow in skip_range in vim/vim

Summary

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Severity ?

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

@huntrdev

References

URL

	Vendor	Product	Version
	vim	vim/vim	Affected: unspecified , < 8.2.4763 (custom)

CVE-2022-1381

Vulnerability from fstec - Published: 13.04.2022

Title

Уязвимость реализации функции skip_range() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Description

Уязвимость реализации функции skip_range() текстового редактора Vim связана с использованием недопустимого указателя с параметром «V:» в режиме Ex. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код или вызвать отказ в обслуживании с помощью специально созданного файла

Severity ?


                    
                      AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Vendor

ООО «РусБИТех-Астра», Fedora Project, ООО «Ред Софт», АО «ИВК», Сообщество свободного программного обеспечения

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Fedora, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), vim

Software Version

1.6 «Смоленск» (Astra Linux Special Edition), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 34 (Fedora), 35 (Fedora), 7.3 (РЕД ОС), - (Альт 8 СП), до 8.2.4763 (vim)

Possible Mitigations

Использование рекомендаций: Для Vim: https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/ Для Альт 8 СП: https://altsp.su/obnovleniya-bezopasnosti/ Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: обновить пакет vim до 2:9.0.0242-1.astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81

Reference

https://redos.red-soft.ru/support/secure/ https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/ https://nvd.nist.gov/vuln/detail/CVE-2022-1381 https://access.redhat.com/security/cve/cve-2022-1381 https://bugzilla.redhat.com/show_bug.cgi?id=2076170 https://altsp.su/obnovleniya-bezopasnosti/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81

CWE

CWE-119, CWE-122, CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 34 (Fedora), 35 (Fedora), 7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 8.2.4763 (vim)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Vim:\nhttps://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/\n\n\u0414\u043b\u044f \u0410\u043b\u044c\u0442 8 \u0421\u041f:\nhttps://altsp.su/obnovleniya-bezopasnosti/\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 vim \u0434\u043e 2:9.0.0242-1.astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.06.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-03269",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1381",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), vim",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora Project Fedora 34 , Fedora Project Fedora 35 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 skip_range() \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 Vim, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 skip_range() \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 Vim \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u00abV:\u00bb \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 Ex. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/\nhttps://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 \nhttps://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4 \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1381\nhttps://access.redhat.com/security/cve/cve-2022-1381\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2076170\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-122, CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

GSD-2022-1381

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-1381

Aliases

CVE-2022-1381

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-1381",
    "description": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
    "id": "GSD-2022-1381",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-1381.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2022-1381.html",
      "https://advisories.mageia.org/CVE-2022-1381.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-1381"
      ],
      "details": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
      "id": "GSD-2022-1381",
      "modified": "2023-12-13T01:19:28.461443Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@huntr.dev",
        "ID": "CVE-2022-1381",
        "STATE": "PUBLIC",
        "TITLE": "global heap buffer overflow in skip_range in vim/vim"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "vim/vim",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.2.4763"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "vim"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution"
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-122 Heap-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4",
            "refsource": "CONFIRM",
            "url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
          },
          {
            "name": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47",
            "refsource": "MISC",
            "url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
          },
          {
            "name": "FEDORA-2022-e304fffd34",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/"
          },
          {
            "name": "FEDORA-2022-b605768c94",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
          },
          {
            "name": "GLSA-202208-32",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202208-32"
          },
          {
            "name": "https://support.apple.com/kb/HT213488",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT213488"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "name": "GLSA-202305-16",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202305-16"
          }
        ]
      },
      "source": {
        "advisory": "55f9c0e8-c221-48b6-a00e-bdcaebaba4a4",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.4763",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-1381"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
            },
            {
              "name": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
            },
            {
              "name": "FEDORA-2022-e304fffd34",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/"
            },
            {
              "name": "FEDORA-2022-b605768c94",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
            },
            {
              "name": "GLSA-202208-32",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-32"
            },
            {
              "name": "https://support.apple.com/kb/HT213488",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT213488"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
            },
            {
              "name": "GLSA-202305-16",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202305-16"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-03T12:15Z",
      "publishedDate": "2022-04-18T01:15Z"
    }
  }
}

GHSA-PQ29-2M6M-938V

Vulnerability from github – Published: 2022-04-19 00:00 – Updated: 2022-04-27 00:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-1381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-18T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
  "id": "GHSA-pq29-2m6m-938v",
  "modified": "2022-04-27T00:00:28Z",
  "published": "2022-04-19T00:00:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-16"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-1381

Vulnerability from fkie_nvd - Published: 2022-04-18 01:15 - Updated: 2024-11-21 06:40

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@huntr.dev	http://seclists.org/fulldisclosure/2022/Oct/28
security@huntr.dev	http://seclists.org/fulldisclosure/2022/Oct/41	Mailing List, Release Notes, Third Party Advisory
security@huntr.dev	https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47	Patch, Third Party Advisory
security@huntr.dev	https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4	Exploit, Patch, Third Party Advisory
security@huntr.dev	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/
security@huntr.dev	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
security@huntr.dev	https://security.gentoo.org/glsa/202208-32	Third Party Advisory
security@huntr.dev	https://security.gentoo.org/glsa/202305-16
security@huntr.dev	https://support.apple.com/kb/HT213488	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Oct/28
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Oct/41	Mailing List, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202208-32	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-16
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213488	Release Notes, Third Party Advisory

Impacted products

Vendor	Product	Version
vim	vim	*
fedoraproject	fedora	34
fedoraproject	fedora	35
fedoraproject	fedora	36
apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC687BA9-5BCF-4580-A12A-90F13DB84492",
              "versionEndExcluding": "8.2.4763",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC",
              "versionEndExcluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution"
    },
    {
      "lang": "es",
      "value": "Un Desbordamiento del b\u00fafer de la pila global en la funci\u00f3n skip_range en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4763. Esta vulnerabilidad es capaz de bloquear el software, Omitir el Mecanismo de Protecci\u00f3n, Modificar la Memoria y una posible ejecuci\u00f3n remota"
    }
  ],
  "id": "CVE-2022-1381",
  "lastModified": "2024-11-21T06:40:36.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.8,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-18T01:15:10.183",
  "references": [
    {
      "source": "security@huntr.dev",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://security.gentoo.org/glsa/202305-16"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6E457NYOIRWBJHKB7ON44UY5AVTG4HU/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213488"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CERTFR-2022-AVI-947

Vulnerability from certfr_avis - Published: 2022-10-25 - Updated: 2022-10-25

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Apple indique que la vulnérabilité CVE-2022-42827 serait activement exploitée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 9.1
Apple	N/A	iPadOS versions antérieures à 16
Apple	macOS	macOS Monterey versions antérieures à 12.6.1
Apple	Safari	Safari versions antérieures à 16.1
Apple	macOS	macOS Ventura versions antérieures à 13
Apple	N/A	iOS versions antérieures à 16.1
Apple	macOS	macOS Big Sur versions antérieures à 11.7.1
Apple	N/A	tvOS versions antérieures à 16.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213493 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213489 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213492 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213491 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213494 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213488 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213495 du 24 octobre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.6.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.7.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1621"
    },
    {
      "name": "CVE-2022-42819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42819"
    },
    {
      "name": "CVE-2022-0261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
    },
    {
      "name": "CVE-2022-2000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2000"
    },
    {
      "name": "CVE-2022-1381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1381"
    },
    {
      "name": "CVE-2022-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
    },
    {
      "name": "CVE-2021-39537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
    },
    {
      "name": "CVE-2022-1898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1898"
    },
    {
      "name": "CVE-2022-42832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42832"
    },
    {
      "name": "CVE-2022-42823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42823"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-32913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32913"
    },
    {
      "name": "CVE-2022-32928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32928"
    },
    {
      "name": "CVE-2021-36690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
    },
    {
      "name": "CVE-2022-42815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42815"
    },
    {
      "name": "CVE-2022-1968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1968"
    },
    {
      "name": "CVE-2022-32936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32936"
    },
    {
      "name": "CVE-2022-28739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-42793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42793"
    },
    {
      "name": "CVE-2022-32915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32915"
    },
    {
      "name": "CVE-2022-1629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1629"
    },
    {
      "name": "CVE-2022-42827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42827"
    },
    {
      "name": "CVE-2022-42830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42830"
    },
    {
      "name": "CVE-2022-0554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0554"
    },
    {
      "name": "CVE-2022-32862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32862"
    },
    {
      "name": "CVE-2022-0572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0572"
    },
    {
      "name": "CVE-2022-42824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42824"
    },
    {
      "name": "CVE-2022-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
    },
    {
      "name": "CVE-2022-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
    },
    {
      "name": "CVE-2022-1733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1733"
    },
    {
      "name": "CVE-2022-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0943"
    },
    {
      "name": "CVE-2022-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1927"
    },
    {
      "name": "CVE-2022-1851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1851"
    },
    {
      "name": "CVE-2022-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
    },
    {
      "name": "CVE-2022-42795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42795"
    },
    {
      "name": "CVE-2022-1897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
    },
    {
      "name": "CVE-2022-0368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0368"
    },
    {
      "name": "CVE-2022-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
    },
    {
      "name": "CVE-2022-42829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42829"
    },
    {
      "name": "CVE-2022-42831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42831"
    },
    {
      "name": "CVE-2022-42806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42806"
    },
    {
      "name": "CVE-2022-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
    },
    {
      "name": "CVE-2022-42796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42796"
    },
    {
      "name": "CVE-2022-32866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32866"
    },
    {
      "name": "CVE-2022-42808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42808"
    },
    {
      "name": "CVE-2022-32940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32940"
    },
    {
      "name": "CVE-2022-42790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42790"
    },
    {
      "name": "CVE-2022-42788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42788"
    },
    {
      "name": "CVE-2022-32886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32886"
    },
    {
      "name": "CVE-2022-1622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
    },
    {
      "name": "CVE-2022-0629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0629"
    },
    {
      "name": "CVE-2022-29458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
    },
    {
      "name": "CVE-2022-32890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32890"
    },
    {
      "name": "CVE-2022-0729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0729"
    },
    {
      "name": "CVE-2022-42814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42814"
    },
    {
      "name": "CVE-2022-32867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32867"
    },
    {
      "name": "CVE-2022-32924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32924"
    },
    {
      "name": "CVE-2022-32883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32883"
    },
    {
      "name": "CVE-2022-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
    },
    {
      "name": "CVE-2022-42818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42818"
    },
    {
      "name": "CVE-2022-42789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42789"
    },
    {
      "name": "CVE-2022-32912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32912"
    },
    {
      "name": "CVE-2022-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32918"
    },
    {
      "name": "CVE-2022-32908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32908"
    },
    {
      "name": "CVE-2022-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
    },
    {
      "name": "CVE-2022-32911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32911"
    },
    {
      "name": "CVE-2022-42813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42813"
    },
    {
      "name": "CVE-2022-32864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32864"
    },
    {
      "name": "CVE-2022-1942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1942"
    },
    {
      "name": "CVE-2022-1735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1735"
    },
    {
      "name": "CVE-2022-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
    },
    {
      "name": "CVE-2022-42809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42809"
    },
    {
      "name": "CVE-2022-0359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
    },
    {
      "name": "CVE-2022-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
    },
    {
      "name": "CVE-2022-32898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32898"
    },
    {
      "name": "CVE-2022-32938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32938"
    },
    {
      "name": "CVE-2022-32827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32827"
    },
    {
      "name": "CVE-2022-26730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26730"
    },
    {
      "name": "CVE-2022-42799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42799"
    },
    {
      "name": "CVE-2022-32914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32914"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2022-32875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32875"
    },
    {
      "name": "CVE-2022-0361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-32892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32892"
    },
    {
      "name": "CVE-2022-32881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32881"
    },
    {
      "name": "CVE-2022-42811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42811"
    },
    {
      "name": "CVE-2022-32905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32905"
    },
    {
      "name": "CVE-2022-32895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32895"
    },
    {
      "name": "CVE-2022-32922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32922"
    },
    {
      "name": "CVE-2022-1674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
    },
    {
      "name": "CVE-2022-32902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32902"
    },
    {
      "name": "CVE-2022-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0318"
    },
    {
      "name": "CVE-2022-32904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32904"
    },
    {
      "name": "CVE-2022-32879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32879"
    },
    {
      "name": "CVE-2022-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
    },
    {
      "name": "CVE-2022-32865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32865"
    },
    {
      "name": "CVE-2022-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1769"
    },
    {
      "name": "CVE-2022-32947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32947"
    },
    {
      "name": "CVE-2022-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
    },
    {
      "name": "CVE-2022-32858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32858"
    },
    {
      "name": "CVE-2022-32899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32899"
    },
    {
      "name": "CVE-2022-32870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32870"
    },
    {
      "name": "CVE-2022-0685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0685"
    },
    {
      "name": "CVE-2022-42820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42820"
    },
    {
      "name": "CVE-2022-32934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32934"
    },
    {
      "name": "CVE-2022-42825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42825"
    },
    {
      "name": "CVE-2022-32888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32888"
    },
    {
      "name": "CVE-2022-2125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
    },
    {
      "name": "CVE-2022-42791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42791"
    },
    {
      "name": "CVE-2022-32946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32946"
    }
  ],
  "initial_release_date": "2022-10-25T00:00:00",
  "last_revision_date": "2022-10-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-947",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9\u00a0CVE-2022-42827 serait activement\nexploit\u00e9e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213493 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213489 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213489"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213492 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213492"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213491 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213491"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213494 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213488 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213488"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213495 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213495"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-1381 (GCVE-0-2022-1381)

CVE-2022-1381

GSD-2022-1381

GHSA-PQ29-2M6M-938V

FKIE_CVE-2022-1381

CERTFR-2022-AVI-947

Solution

Tags

Sightings

Nomenclature