Vulnerability-Lookup

CVE-2022-32888 (GCVE-0-2022-32888)

Vulnerability from cvelistv5 – Published: 2022-11-01 00:00 – Updated: 2025-05-05 15:01

Summary

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

URL

GHSA-C3GW-7267-X4WQ

Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2022-11-03 19:00

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-32888"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.",
  "id": "GHSA-c3gw-7267-x4wq",
  "modified": "2022-11-03T19:00:26Z",
  "published": "2022-11-02T12:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32888"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-32"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213443"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213444"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213445"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213446"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213486"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213487"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213488"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/11/04/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-32888

Vulnerability from fstec - Published: 27.10.2022

Title

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО "НППКТ"

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), WebKitGTK, WPE WebKit

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), до 2.7 (ОСОН ОСнова Оnyx), до 2.38.0 (WebKitGTK), до 2.38.0 (WPE WebKit)

Possible Mitigations

Для WebKitGTK: использование рекомендаций производителя: https://webkitgtk.org/security/WSA-2022-0010.html Для WPE WebKit: Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2022-32888 Для ОС Astra Linux: обновить пакет webkit2gtk до 2.38.0-1~deb10u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения webkit2gtk до версии 2.38.3-1~deb10u1

Reference

http://www.openwall.com/lists/oss-security/2022/11/04/4 https://nvd.nist.gov/vuln/detail/CVE-2022-32888 https://security-tracker.debian.org/tracker/CVE-2022-32888 https://support.apple.com/en-us/HT213443 https://support.apple.com/en-us/HT213444 https://support.apple.com/en-us/HT213445 https://support.apple.com/en-us/HT213446 https://support.apple.com/en-us/HT213486 https://support.apple.com/en-us/HT213487 https://support.apple.com/en-us/HT213488 https://webkitgtk.org/security/WSA-2022-0010.html https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.38.0 (WebKitGTK), \u0434\u043e 2.38.0 (WPE WebKit)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f WebKitGTK:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://webkitgtk.org/security/WSA-2022-0010.html\n\u0414\u043b\u044f WPE WebKit:\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2022-32888\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.38.0-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx: \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.38.3-1~deb10u1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.09.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06954",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-32888",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), WebKitGTK, WPE WebKit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.openwall.com/lists/oss-security/2022/11/04/4\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32888\nhttps://security-tracker.debian.org/tracker/CVE-2022-32888\nhttps://support.apple.com/en-us/HT213443\nhttps://support.apple.com/en-us/HT213444\nhttps://support.apple.com/en-us/HT213445\nhttps://support.apple.com/en-us/HT213446\nhttps://support.apple.com/en-us/HT213486\nhttps://support.apple.com/en-us/HT213487\nhttps://support.apple.com/en-us/HT213488\nhttps://webkitgtk.org/security/WSA-2022-0010.html\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

cve-2022-32888

Vulnerability from osv_almalinux

Published

2023-05-16 00:00

Modified

2023-05-19 22:03

Summary

Important: webkit2gtk3 security and bug fix update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.38.5-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.38.5-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.38.5-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.38.5-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)\n* webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)\n* webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)\n* webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)\n* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)\n* webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)\n* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)\n* webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)\n* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)\n* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)\n* webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2023:2834",
  "modified": "2023-05-19T22:03:35Z",
  "published": "2023-05-16T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:2834"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-32886"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-32888"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-32923"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42799"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42823"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42824"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42826"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42852"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42863"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42867"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46691"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46692"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46698"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46699"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46700"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-23517"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-23518"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25358"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25360"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25361"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25362"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25363"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128643"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140501"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140502"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140503"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140504"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140505"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156986"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156987"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156989"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156990"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156991"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156992"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156993"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156994"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2167715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2167716"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2167717"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175099"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175101"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175103"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175105"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175107"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-2834.html"
    }
  ],
  "related": [
    "CVE-2022-42826",
    "CVE-2023-23517",
    "CVE-2023-23518",
    "CVE-2022-32886",
    "CVE-2022-32888",
    "CVE-2022-32923",
    "CVE-2022-42799",
    "CVE-2022-42823",
    "CVE-2022-42824",
    "CVE-2022-42852",
    "CVE-2022-42863",
    "CVE-2022-42867",
    "CVE-2022-46691",
    "CVE-2022-46692",
    "CVE-2022-46698",
    "CVE-2022-46699",
    "CVE-2022-46700",
    "CVE-2023-25358",
    "CVE-2023-25360",
    "CVE-2023-25361",
    "CVE-2023-25362",
    "CVE-2023-25363"
  ],
  "summary": "Important: webkit2gtk3 security and bug fix update"
}

cve-2022-32888

Vulnerability from osv_almalinux

Published

2023-05-09 00:00

Modified

2023-05-12 09:20

Summary

Important: webkit2gtk3 security and bug fix update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.38.5-1.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.38.5-1.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.38.5-1.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.38.5-1.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)\n* webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)\n* webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)\n* webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)\n* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)\n* webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)\n* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)\n* webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)\n* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)\n* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)\n* webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2023:2256",
  "modified": "2023-05-12T09:20:55Z",
  "published": "2023-05-09T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:2256"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-32886"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-32888"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-32923"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42799"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42823"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42824"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42826"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42852"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42863"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42867"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46691"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46692"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46698"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46699"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-46700"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-23517"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-23518"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25358"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25360"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25361"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25362"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25363"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128643"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140501"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140502"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140503"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140504"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2140505"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156986"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156987"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156989"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156990"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156991"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156992"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156993"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156994"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2167715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2167716"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2167717"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175099"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175101"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175103"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175105"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175107"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-2256.html"
    }
  ],
  "related": [
    "CVE-2022-42826",
    "CVE-2023-23517",
    "CVE-2023-23518",
    "CVE-2022-32886",
    "CVE-2022-32888",
    "CVE-2022-32923",
    "CVE-2022-42799",
    "CVE-2022-42823",
    "CVE-2022-42824",
    "CVE-2022-42852",
    "CVE-2022-42863",
    "CVE-2022-42867",
    "CVE-2022-46691",
    "CVE-2022-46692",
    "CVE-2022-46698",
    "CVE-2022-46699",
    "CVE-2022-46700",
    "CVE-2023-25358",
    "CVE-2023-25360",
    "CVE-2023-25361",
    "CVE-2023-25362",
    "CVE-2023-25363"
  ],
  "summary": "Important: webkit2gtk3 security and bug fix update"
}

GSD-2022-32888

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-32888

Aliases

CVE-2022-32888

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-32888",
    "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.",
    "id": "GSD-2022-32888",
    "references": [
      "https://advisories.mageia.org/CVE-2022-32888.html",
      "https://www.suse.com/security/cve/CVE-2022-32888.html",
      "https://ubuntu.com/security/CVE-2022-32888"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-32888"
      ],
      "details": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.",
      "id": "GSD-2022-32888",
      "modified": "2023-12-13T01:19:12.832601Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2022-32888",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "13"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "16"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "9"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "16"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213446",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213446"
          },
          {
            "name": "https://support.apple.com/en-us/HT213443",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213443"
          },
          {
            "name": "https://support.apple.com/en-us/HT213445",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213445"
          },
          {
            "name": "https://support.apple.com/en-us/HT213444",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213444"
          },
          {
            "name": "https://support.apple.com/en-us/HT213488",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213488"
          },
          {
            "name": "https://support.apple.com/en-us/HT213486",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213486"
          },
          {
            "name": "https://support.apple.com/en-us/HT213487",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213487"
          },
          {
            "name": "[oss-security] 20221104 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2022/11/04/4"
          },
          {
            "name": "GLSA-202305-32",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202305-32"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.6",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.7",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2022-32888"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213443",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213443"
            },
            {
              "name": "https://support.apple.com/en-us/HT213487",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213487"
            },
            {
              "name": "https://support.apple.com/en-us/HT213444",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213444"
            },
            {
              "name": "https://support.apple.com/en-us/HT213488",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213488"
            },
            {
              "name": "https://support.apple.com/en-us/HT213486",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213486"
            },
            {
              "name": "https://support.apple.com/en-us/HT213445",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213445"
            },
            {
              "name": "https://support.apple.com/en-us/HT213446",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213446"
            },
            {
              "name": "[oss-security] 20221104 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/04/4"
            },
            {
              "name": "GLSA-202305-32",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202305-32"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-30T06:15Z",
      "publishedDate": "2022-11-01T20:15Z"
    }
  }
}

FKIE_CVE-2022-32888

Vulnerability from fkie_nvd - Published: 2022-11-01 20:15 - Updated: 2025-05-05 15:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://www.openwall.com/lists/oss-security/2022/11/04/4	Mailing List, Third Party Advisory
product-security@apple.com	https://security.gentoo.org/glsa/202305-32
product-security@apple.com	https://support.apple.com/en-us/HT213443	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213444	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213445	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213446	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213486	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213487	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213488	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/11/04/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-32
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213443	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213444	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213445	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213446	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213486	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213487	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213488	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	macos	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "613EE342-B8E6-4E88-B8F5-CCD918F2D704",
              "versionEndExcluding": "15.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B639E246-8791-46E2-BAB9-E9B9E79C0F8D",
              "versionEndExcluding": "15.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8400BA2C-947C-40A8-AD5A-9BF477397E0D",
              "versionEndExcluding": "11.7",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A274B0-D746-4C2E-A03A-CDC28DB3333E",
              "versionEndExcluding": "12.6",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "534DED19-82FC-4E39-BFD3-F2FE5C71A66B",
              "versionEndExcluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "712A2CD4-6807-496A-8467-BFB138371E51",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se solucion\u00f3 un problema de escritura fuera de l\u00edmites mejorando la verificaci\u00f3n de l\u00edmites. Este problema se solucion\u00f3 en macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 y iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2022-32888",
  "lastModified": "2025-05-05T15:15:47.340",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-01T20:15:18.587",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/11/04/4"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://security.gentoo.org/glsa/202305-32"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213443"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213444"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213445"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213446"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213486"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213487"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/11/04/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213488"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2022-AVI-947

Vulnerability from certfr_avis - Published: 2022-10-25 - Updated: 2022-10-25

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Apple indique que la vulnérabilité CVE-2022-42827 serait activement exploitée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 9.1
Apple	N/A	iPadOS versions antérieures à 16
Apple	macOS	macOS Monterey versions antérieures à 12.6.1
Apple	Safari	Safari versions antérieures à 16.1
Apple	macOS	macOS Ventura versions antérieures à 13
Apple	N/A	iOS versions antérieures à 16.1
Apple	macOS	macOS Big Sur versions antérieures à 11.7.1
Apple	N/A	tvOS versions antérieures à 16.1

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-32888 (GCVE-0-2022-32888)

GHSA-C3GW-7267-X4WQ

CVE-2022-32888

cve-2022-32888

Vulnerability from osv_almalinux

cve-2022-32888

Vulnerability from osv_almalinux

GSD-2022-32888

FKIE_CVE-2022-32888

CERTFR-2022-AVI-947

Solution

Tags

Sightings

Nomenclature