CVE-2022-26691

CVE-2022-26691

Name

CVE-2022-26691

Description

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://support.apple.com/en-us/HT213184
MISC	https://support.apple.com/en-us/HT213185
MISC	https://support.apple.com/en-us/HT213183
MISC	https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md
MLIST	https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html
DEBIAN	https://www.debian.org/security/2022/dsa-5149
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/
Patch	https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/

Type

URI

MISC

https://support.apple.com/en-us/HT213184

MISC

https://support.apple.com/en-us/HT213185

MISC

https://support.apple.com/en-us/HT213183

MISC

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md

MLIST

https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html

DEBIAN

https://www.debian.org/security/2022/dsa-5149

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/

Patch

https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:apple:mac_os_x::::::::`	mac_os_x	>= 10.15	< 10.15.7
`cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update::::::`	mac_os_x	== None	== 10.15.7
`cpe:2.3:o:apple:macos::::::::`	macos	>= 11.0	< 11.6.5
`cpe:2.3:o:apple:macos::::::::`	macos	> 12.0.0	< 12.3
`cpe:2.3:a:apple:cups::::::::`	cups	>= None	< 499.4

CPE URI

Source package

Min version

Max version

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

mac_os_x

>= 10.15

< 10.15.7

cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*

mac_os_x

== None

== 10.15.7

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

macos

>= 11.0

< 11.6.5

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

macos

> 12.0.0

< 12.3

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

cups

>= None

< 499.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
cups	3.14-main	2.3.3-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	3.13-main	2.3.3-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	3.16-main	2.4.2-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	3.15-main	2.3.3-r8	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	3.18-main	2.4.9-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	3.17-main	2.4.9-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	3.20-main	2.4.9-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	3.19-main	2.4.9-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	edge-main	2.4.11-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

cups

3.14-main

2.3.3-r3

Natanael Copa <ncopa@alpinelinux.org>

fixed

cups

3.13-main