CVE-2022-32817

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

CVSS v3.0 5.5 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213345	Vendor Advisory
https://support.apple.com/en-us/HT213342	Vendor Advisory
https://support.apple.com/en-us/HT213340	Vendor Advisory
https://support.apple.com/en-us/HT213346	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:tvos::::::::

Information

Published : 2022-09-23 12:15

Updated : 2023-01-09 08:41

NVD link : CVE-2022-32817

Mitre link : CVE-2022-32817

JSON object : View

CWE

CWE-125

Out-of-bounds Read

Advertisement

Products Affected

apple

tvos
macos
watchos
iphone_os
ipados

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT213345", "name": "https://support.apple.com/en-us/HT213345", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213342", "name": "https://support.apple.com/en-us/HT213342", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213340", "name": "https://support.apple.com/en-us/HT213340", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213346", "name": "https://support.apple.com/en-us/HT213346", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-125"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-32817", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2022-09-23T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.5", "versionStartIncluding": "12.0"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.6"}, {"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.6"}, {"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.7"}, {"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-09T16:41Z"}