CVE-2022-42863

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213532	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213530	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213537	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213535	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213536	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2022/Dec/26	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/28	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/20	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/23	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/27	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/12/26/1	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:a:apple:safari::::::::

Information

Published : 2022-12-15 11:15

Updated : 2023-01-09 08:58

NVD link : CVE-2022-42863

Mitre link : CVE-2022-42863

JSON object : View

CWE

CWE-787

Out-of-bounds Write

Products Affected

apple

tvos
macos
safari
watchos
iphone_os
ipados

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT213532", "name": "https://support.apple.com/en-us/HT213532", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213530", "name": "https://support.apple.com/en-us/HT213530", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213537", "name": "https://support.apple.com/en-us/HT213537", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213535", "name": "https://support.apple.com/en-us/HT213535", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213536", "name": "https://support.apple.com/en-us/HT213536", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/26", "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/28", "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/20", "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/23", "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/27", "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.openwall.com/lists/oss-security/2022/12/26/1", "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-787"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-42863", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2022-12-15T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.2"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.2"}, {"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.2"}, {"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.2"}, {"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "13.1"}, {"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-09T16:58Z"}

8.8 /10