CVE-2022-22620

CVE-2022-22620

Name

CVE-2022-22620

Description

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://support.apple.com/en-us/HT213092
MISC	https://support.apple.com/en-us/HT213093
MISC	https://support.apple.com/en-us/HT213091
Third Party Advisory	https://security.gentoo.org/glsa/202208-39

Type

URI

MISC

https://support.apple.com/en-us/HT213092

MISC

https://support.apple.com/en-us/HT213093

MISC

https://support.apple.com/en-us/HT213091

Third Party Advisory

https://security.gentoo.org/glsa/202208-39

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:apple:safari::::::::`	safari	>= None	< 15.3
`cpe:2.3:o:apple:ipados::::::::`	ipados	>= None	< 15.3.1
`cpe:2.3:o:apple:iphone_os::::::::`	iphone_os	>= None	< 15.3.1
`cpe:2.3:o:apple:macos::::::::`	macos	>= 12.0.0	< 12.2.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

safari

>= None

< 15.3

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

ipados

>= None

< 15.3.1

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

iphone_os

>= None

< 15.3.1

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

macos

>= 12.0.0

< 12.2.1

References

Match rules

Vulnerable and fixed packages