CVE-2022-32893

CVE-2022-32893

Name

CVE-2022-32893

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://support.apple.com/en-us/HT213414
MISC	https://support.apple.com/en-us/HT213412
MISC	https://support.apple.com/en-us/HT213413
MLIST	http://www.openwall.com/lists/oss-security/2022/08/25/5
MLIST	http://www.openwall.com/lists/oss-security/2022/08/26/2
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/
DEBIAN	https://www.debian.org/security/2022/dsa-5219
DEBIAN	https://www.debian.org/security/2022/dsa-5220
Third Party Advisory	http://www.openwall.com/lists/oss-security/2022/08/29/1
MLIST	http://www.openwall.com/lists/oss-security/2022/08/29/2
MLIST	https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html
GENTOO	https://security.gentoo.org/glsa/202208-39
FULLDISC	http://seclists.org/fulldisclosure/2022/Aug/16
Mailing List	http://www.openwall.com/lists/oss-security/2022/09/02/10
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/
Mailing List	http://www.openwall.com/lists/oss-security/2022/09/13/1
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/49

Type

URI

MISC

https://support.apple.com/en-us/HT213414

MISC

https://support.apple.com/en-us/HT213412

MISC

https://support.apple.com/en-us/HT213413

MLIST

http://www.openwall.com/lists/oss-security/2022/08/25/5

MLIST

http://www.openwall.com/lists/oss-security/2022/08/26/2

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/

DEBIAN

https://www.debian.org/security/2022/dsa-5219

DEBIAN

https://www.debian.org/security/2022/dsa-5220

Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/08/29/1

MLIST

http://www.openwall.com/lists/oss-security/2022/08/29/2

MLIST

https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html

GENTOO

https://security.gentoo.org/glsa/202208-39

FULLDISC

http://seclists.org/fulldisclosure/2022/Aug/16

Mailing List

http://www.openwall.com/lists/oss-security/2022/09/02/10

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/

Mailing List

http://www.openwall.com/lists/oss-security/2022/09/13/1

Mailing List

http://seclists.org/fulldisclosure/2022/Oct/49

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:apple:safari::::::::`	safari	>= None	< 15.6.1
`cpe:2.3:o:apple:ipados::::::::`	ipados	>= None	< 15.6.1
`cpe:2.3:o:apple:iphone_os::::::::`	iphone_os	>= None	< 15.6.1
`cpe:2.3:o:apple:macos::::::::`	macos	>= 12.0	< 12.5.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

safari

>= None

< 15.6.1

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

ipados

>= None

< 15.6.1

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

iphone_os

>= None

< 15.6.1

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

macos

>= 12.0

< 12.5.1

References

Match rules

Vulnerable and fixed packages