Sign-up

ID

VAR-202210-1471


CVE

CVE-2022-32914


TITLE

Freed memory usage vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022850

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. iOS , macOS , tvOS Multiple Apple products contain a freed memory usage vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-32914 // JVNDB: JVNDB-2022-022850 // VULHUB: VHN-425003

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:アップルmodel:watchosscope:eqversion:9.0

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022850 // NVD: CVE-2022-32914

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-32914
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202210-1632
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-32914
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022850 // NVD: CVE-2022-32914 // CNNVD: CNNVD-202210-1632

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-425003 // JVNDB: JVNDB-2022-022850 // NVD: CVE-2022-32914

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1632

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1632

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-32914

PATCH
title:HT213487 Apple  Security updateurl:https://support.apple.com/en-us/ht213443
Trust: 0.8
title:Apple macOS Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212843
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-022850 // 
            
            
            
            CNNVD: CNNVD-202210-1632

EXTERNAL IDS
db:NVDid:CVE-2022-32914
Trust: 3.3
db:JVNDBid:JVNDB-2022-022850
Trust: 0.8
db:AUSCERTid:ESB-2022.5473
Trust: 0.6
db:AUSCERTid:ESB-2022.5462
Trust: 0.6
db:AUSCERTid:ESB-2022.5300
Trust: 0.6
db:CNNVDid:CNNVD-202210-1632
Trust: 0.6
db:VULHUBid:VHN-425003
Trust: 0.1
sources:
            
            
            VULHUB: VHN-425003 // 
            
            
            
            JVNDB: JVNDB-2022-022850 // 
            
            
            
            NVD: CVE-2022-32914 // 
            
            
            
            CNNVD: CNNVD-202210-1632

REFERENCES
url:https://support.apple.com/en-us/ht213488
Trust: 2.3
url:https://support.apple.com/en-us/ht213443
Trust: 1.7
url:https://support.apple.com/en-us/ht213444
Trust: 1.7
url:https://support.apple.com/en-us/ht213446
Trust: 1.7
url:https://support.apple.com/en-us/ht213486
Trust: 1.7
url:https://support.apple.com/en-us/ht213487
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2022-32914
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-32914/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.5462
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.5473
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.5300
Trust: 0.6
url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702
Trust: 0.6
sources:
            
            
            VULHUB: VHN-425003 // 
            
            
            
            JVNDB: JVNDB-2022-022850 // 
            
            
            
            NVD: CVE-2022-32914 // 
            
            
            
            CNNVD: CNNVD-202210-1632

SOURCES
db:VULHUBid:VHN-425003
db:JVNDBid:JVNDB-2022-022850
db:NVDid:CVE-2022-32914
db:CNNVDid:CNNVD-202210-1632

LAST UPDATE DATE
2023-12-18T11:30:40.120000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-425003date:2022-11-02T00:00:00
db:JVNDBid:JVNDB-2022-022850date:2023-11-21T02:27:00
db:NVDid:CVE-2022-32914date:2022-11-02T16:11:01.580
db:CNNVDid:CNNVD-202210-1632date:2022-11-03T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-425003date:2022-11-01T00:00:00
db:JVNDBid:JVNDB-2022-022850date:2023-11-21T00:00:00
db:NVDid:CVE-2022-32914date:2022-11-01T20:15:19.280
db:CNNVDid:CNNVD-202210-1632date:2022-10-24T00:00:00