CVE-2022-42837

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213531	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213532	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213530	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213536	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2022/Dec/20	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/21	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/23	Mailing List Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:macos:13.0:::::::*
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::

Information

Published : 2022-12-15 11:15

Updated : 2023-01-09 09:00

NVD link : CVE-2022-42837

Mitre link : CVE-2022-42837

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

apple

watchos
iphone_os
ipados
macos

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT213531", "name": "https://support.apple.com/en-us/HT213531", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213532", "name": "https://support.apple.com/en-us/HT213532", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213530", "name": "https://support.apple.com/en-us/HT213530", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213536", "name": "https://support.apple.com/en-us/HT213536", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/20", "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/21", "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/23", "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-42837", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-12-15T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.2"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.7.2", "versionStartIncluding": "15.0"}, {"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.7.2", "versionStartIncluding": "15.0"}, {"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.2", "versionStartIncluding": "16.0"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.2", "versionStartIncluding": "16.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-09T17:00Z"}