Details of VAR-202210-0549

ID

VAR-202210-0549

CVE

CVE-2022-22658

TITLE

apple's iOS Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-022835

DESCRIPTION

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. apple's iOS There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. iOS 16.0.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-10-1 iOS 16.0.3 iOS 16.0.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213480. CVE-2022-22658 This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16.0.3". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNEeR8ACgkQ4RjMIDke Nxleqg//enpuZG3s0Sr/encUwpnH0CXJYA8FficNu+x9mcZ1K9/cJzb0eWQKC4Fb NwzGBoa/8/rOr5yziBK4+aPoKl9XTrror6OMx3eUWbFHiaO+7BfnU9pRgtQeJSMF RxI0qCvd94No/8ir2v4O7+Ao0rC8GjchPxKZKcN4JnFSTYhsmh/DSnBw/huIg2hx t5UhWaw+sMs1xBcBJzmeUb0NFdMYf+zlH8CI7CUzzaz1FC42y5q0168tJRClc+iJ BKbszJ7vqjp9jcjYJtQZLzwR2L9EP9vmDm9o4Dlgjom2L3V5SV7nNmBnL/vNdQDe IrAlctKXxvH4K23EhTflnXbmlSj7wwIcm8wKWBcmVv9kJEg4V5Kx8wN3qMPjC6GS zxBW867GgE65XWqV6Qgotl96lMFITHA+JUT5htQSsbkebn9F8Bk0igAqEzgR/chv c79fSd3rT7a9Bcv3r9bgZo8c09XVWFEGogrmLqCjEgvAnmDyE1Dk8rPwgInQgyc5 Qvc5aluqW7J9Yihvx6wwHc8jLPbqM1LMqyIk3g0h+xxKFiH7zqIKw2J+fxCJS3El oBaoeyAD8EJZCoanFwmeI5GBN2gz87gbFoBuXGLAu3OgJFOF6FiHrYRL5Iu33ON0 QDwxaf91oL4zX5HaCTh5DBb6b493ITmDS7CbSY21ahbgWl1bcbQ= =198b -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2022-22658 // JVNDB: JVNDB-2022-022835 // VULHUB: VHN-411286 // VULMON: CVE-2022-22658 // PACKETSTORM: 168707

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	16.0.3	Trust: 1.0
vendor:	アップル	model:	ios	scope:	eq	version:	16.0.3	Trust: 0.8
vendor:	アップル	model:	ios	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-022835 // NVD: CVE-2022-22658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22658
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-22658
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22658
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202210-378
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-22658
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-22658
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-022835 // CNNVD: CNNVD-202210-378 // NVD: CVE-2022-22658 // NVD: CVE-2022-22658

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411286 // JVNDB: JVNDB-2022-022835 // NVD: CVE-2022-22658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-378

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-378

PATCH

title:	HT213480 Apple Security update	url:	https://support.apple.com/en-us/HT213480	Trust: 0.8
title:	Apple iOS Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=212961	Trust: 0.6
title:	Apple: iOS 16.0.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c7591bbc3060d93032e0dcbf4b1f7fc7	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2022/10/11/october_patch_tuesday/	Trust: 0.1

sources: VULMON: CVE-2022-22658 // JVNDB: JVNDB-2022-022835 // CNNVD: CNNVD-202210-378

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22658	Trust: 3.5
db:	PACKETSTORM	id:	168707	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-022835	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-378	Trust: 0.7
db:	VULHUB	id:	VHN-411286	Trust: 0.1
db:	VULMON	id:	CVE-2022-22658	Trust: 0.1

sources: VULHUB: VHN-411286 // VULMON: CVE-2022-22658 // JVNDB: JVNDB-2022-022835 // PACKETSTORM: 168707 // CNNVD: CNNVD-202210-378 // NVD: CVE-2022-22658

REFERENCES

url:	https://support.apple.com/en-us/ht213480	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22658	Trust: 0.9
url:	https://cxsecurity.com/cveshow/cve-2022-22658/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-denial-of-service-via-email-message-39501	Trust: 0.6
url:	https://packetstormsecurity.com/files/168707/apple-security-advisory-2022-10-10-1.html	Trust: 0.6
url:	https://support.apple.com/kb/ht213480	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://support.apple.com/ht213480.	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1

sources: VULHUB: VHN-411286 // VULMON: CVE-2022-22658 // JVNDB: JVNDB-2022-022835 // PACKETSTORM: 168707 // CNNVD: CNNVD-202210-378 // NVD: CVE-2022-22658

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 168707

SOURCES

db:	VULHUB	id:	VHN-411286
db:	VULMON	id:	CVE-2022-22658
db:	JVNDB	id:	JVNDB-2022-022835
db:	PACKETSTORM	id:	168707
db:	CNNVD	id:	CNNVD-202210-378
db:	NVD	id:	CVE-2022-22658

LAST UPDATE DATE

2025-05-07T22:53:15.564000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411286	date:	2022-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-022835	date:	2023-11-21T01:52:00
db:	CNNVD	id:	CNNVD-202210-378	date:	2022-11-04T00:00:00
db:	NVD	id:	CVE-2022-22658	date:	2025-05-06T15:15:57.447

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411286	date:	2022-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-022835	date:	2023-11-21T00:00:00
db:	PACKETSTORM	id:	168707	date:	2022-10-14T14:22:22
db:	CNNVD	id:	CNNVD-202210-378	date:	2022-10-10T00:00:00
db:	NVD	id:	CVE-2022-22658	date:	2022-11-01T20:15:17.233