Sign-up

ID

VAR-202210-1624


CVE

CVE-2022-42827


TITLE

Apple iOS and iPadOS Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1651

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Trust: 0.99

sources: NVD: CVE-2022-42827 // VULHUB: VHN-439608

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.6.1

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.7.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.7.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:16.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:16.0

Trust: 1.0

sources: NVD: CVE-2022-42827

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-42827
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-1651
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-42827 // CNNVD: CNNVD-202210-1651

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-439608 // NVD: CVE-2022-42827

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1651

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1651

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-42827

PATCH
title:Apple iOS  and iPadOS Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212970
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202210-1651

EXTERNAL IDS
db:NVDid:CVE-2022-42827
Trust: 1.7
db:AUSCERTid:ESB-2022.5303
Trust: 0.6
db:AUSCERTid:ESB-2022.5461
Trust: 0.6
db:CNNVDid:CNNVD-202210-1651
Trust: 0.6
db:VULHUBid:VHN-439608
Trust: 0.1
sources:
            
            
            VULHUB: VHN-439608 // 
            
            
            
            NVD: CVE-2022-42827 // 
            
            
            
            CNNVD: CNNVD-202210-1651

REFERENCES
url:https://support.apple.com/en-us/ht213489
Trust: 2.3
url:https://support.apple.com/en-us/ht213490
Trust: 2.3
url:https://www.auscert.org.au/bulletins/esb-2022.5461
Trust: 0.6
url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-42827/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.5303
Trust: 0.6
sources:
            
            
            VULHUB: VHN-439608 // 
            
            
            
            NVD: CVE-2022-42827 // 
            
            
            
            CNNVD: CNNVD-202210-1651

SOURCES
db:VULHUBid:VHN-439608
db:NVDid:CVE-2022-42827
db:CNNVDid:CNNVD-202210-1651

LAST UPDATE DATE
2023-12-18T11:53:20.980000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-439608date:2022-11-03T00:00:00
db:NVDid:CVE-2022-42827date:2022-11-03T13:33:54.017
db:CNNVDid:CNNVD-202210-1651date:2022-11-04T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-439608date:2022-11-01T00:00:00
db:NVDid:CVE-2022-42827date:2022-11-01T20:15:24.333
db:CNNVDid:CNNVD-202210-1651date:2022-10-24T00:00:00