CVE-2022-32893 - Vulnerability Details

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Aug. 18, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Apple	Ipados Iphone Os Macos Safari
Debian	Debian Linux
Fedoraproject	Fedora
Redhat	Enterprise Linux
Webkitgtk	Webkitgtk
Wpewebkit	Wpe Webkit

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:webkitgtk:webkitgtk::::::::
	cpe:2.3:a:wpewebkit:wpe_webkit::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.36.7-1.el8_6	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:6540	2022-09-15T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.36.7-1.el9_0	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:6634	2022-09-20T00:00:00Z

References

Link	Providers
http://seclists.org/fulldisclosure/2022/Aug/16
http://seclists.org/fulldisclosure/2022/Oct/49
http://www.openwall.com/lists/oss-security/2022/08/25/5
http://www.openwall.com/lists/oss-security/2022/08/26/2
http://www.openwall.com/lists/oss-security/2022/08/29/1
http://www.openwall.com/lists/oss-security/2022/08/29/2
http://www.openwall.com/lists/oss-security/2022/09/02/10
http://www.openwall.com/lists/oss-security/2022/09/13/1
https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/
https://nvd.nist.gov/vuln/detail/CVE-2022-32893
https://security.gentoo.org/glsa/202208-39
https://support.apple.com/en-us/HT213412
https://support.apple.com/en-us/HT213413
https://support.apple.com/en-us/HT213414
https://webkitgtk.org/security/WSA-2022-0008.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2022-32893
https://www.debian.org/security/2022/dsa-5219
https://www.debian.org/security/2022/dsa-5220

History

Wed, 29 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-08-18'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2022-08-24T00:00:00.000Z

Updated: 2025-01-29T16:26:58.724Z

Reserved: 2022-06-09T00:00:00.000Z

Link: CVE-2022-32893

Vulnrichment

Updated: 2024-08-03T07:54:03.184Z

NVD

Status : Analyzed

Published: 2022-08-24T20:15:09.147

Modified: 2025-02-28T14:53:55.297

Link: CVE-2022-32893

Redhat

Severity : Moderate

Publid Date: 2022-08-25T00:00:00Z

Links: CVE-2022-32893 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32893", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "dateUpdated": "2025-01-29T16:26:58.724Z", "dateReserved": "2022-06-09T00:00:00.000Z", "datePublished": "2022-08-24T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2022-10-30T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "lessThan": "15.6", "status": "affected", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "lessThan": "15.6", "status": "affected", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "lessThan": "12.5", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213414"}, {"url": "https://support.apple.com/en-us/HT213412"}, {"url": "https://support.apple.com/en-us/HT213413"}, {"name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"}, {"name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"}, {"name": "FEDORA-2022-eada5f24a0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"}, {"name": "DSA-5220", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5220"}, {"name": "DSA-5219", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5219"}, {"name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"}, {"name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"}, {"name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"}, {"name": "GLSA-202208-39", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202208-39"}, {"name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Aug/16"}, {"name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"}, {"name": "FEDORA-2022-ddfeee50c9", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"}, {"name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"}, {"name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Oct/49"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:54:03.184Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213414", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213412", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213413", "tags": ["x_transferred"]}, {"name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"}, {"name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"}, {"name": "FEDORA-2022-eada5f24a0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"}, {"name": "DSA-5220", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5220"}, {"name": "DSA-5219", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5219"}, {"name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"}, {"name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"}, {"name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"}, {"name": "GLSA-202208-39", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-39"}, {"name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Aug/16"}, {"name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"}, {"name": "FEDORA-2022-ddfeee50c9", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"}, {"name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"}, {"name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Oct/49"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T16:26:40.933813Z", "id": "CVE-2022-32893", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-08-18", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-32893"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T16:26:58.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213414", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213412", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213413", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/25/5", "name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/26/2", "name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/", "name": "FEDORA-2022-eada5f24a0", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.debian.org/security/2022/dsa-5220", "name": "DSA-5220", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.debian.org/security/2022/dsa-5219", "name": "DSA-5219", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/29/1", "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/29/2", "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html", "name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202208-39", "name": "GLSA-202208-39", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2022/Aug/16", "name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/02/10", "name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/", "name": "FEDORA-2022-ddfeee50c9", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/13/1", "name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/49", "name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:54:03.184Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-32893", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T16:26:40.933813Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-08-18", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-32893"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T16:26:17.794Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.5", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213414"}, {"url": "https://support.apple.com/en-us/HT213412"}, {"url": "https://support.apple.com/en-us/HT213413"}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/25/5", "name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/26/2", "name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/", "name": "FEDORA-2022-eada5f24a0", "tags": ["vendor-advisory"]}, {"url": "https://www.debian.org/security/2022/dsa-5220", "name": "DSA-5220", "tags": ["vendor-advisory"]}, {"url": "https://www.debian.org/security/2022/dsa-5219", "name": "DSA-5219", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/29/1", "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/29/2", "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html", "name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update", "tags": ["mailing-list"]}, {"url": "https://security.gentoo.org/glsa/202208-39", "name": "GLSA-202208-39", "tags": ["vendor-advisory"]}, {"url": "http://seclists.org/fulldisclosure/2022/Aug/16", "name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/02/10", "name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/", "name": "FEDORA-2022-ddfeee50c9", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/13/1", "name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008", "tags": ["mailing-list"]}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/49", "name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2022-10-30T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-32893", "state": "PUBLISHED", "dateUpdated": "2025-01-29T16:26:58.724Z", "dateReserved": "2022-06-09T00:00:00.000Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2022-08-24T00:00:00.000Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-09-08", "cisaExploitAdd": "2022-08-18", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple iOS and macOS Out-of-Bounds Write Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8840E34-BF87-4C09-B13E-7FEC5F908EFD", "versionEndExcluding": "15.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "51963FF0-9D05-49D9-B9DD-D9A2D47EC89E", "versionEndExcluding": "15.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5AD4010-4607-4428-9E01-0AFEF95002EB", "versionEndExcluding": "15.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7227696F-8862-4D88-B0B7-1098388791F3", "versionEndExcluding": "12.5.1", "versionStartIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA0CF181-BD0B-43B5-B5B6-9BB9B9D28BB9", "versionEndExcluding": "2.36.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "B24E9BF0-9726-4CED-A36F-3B1D72D14C31", "versionEndExcluding": "2.36.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}, {"lang": "es", "value": "Se abord\u00f3 un problema de escritura fuera de l\u00edmites con una comprobaci\u00f3n de l\u00edmites mejorada. Este problema es corregido en iOS versi\u00f3n 15.6.1 y iPadOS versi\u00f3n 15.6.1, macOS Monterey versi\u00f3n 12.5.1 y Safari versi\u00f3n 15.6.1. El procesamiento de contenido web dise\u00f1ado de forma maliciosa puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario. Apple presenta conocimiento de un informe que indica que este problema puede haber sido explotado activamente."}], "id": "CVE-2022-32893", "lastModified": "2025-02-28T14:53:55.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-08-24T20:15:09.147", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Aug/16"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Oct/49"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"}, {"source": "product-security@apple.com", "tags": ["Broken Link"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"}, {"source": "product-security@apple.com", "tags": ["Broken Link"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-39"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213412"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213413"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213414"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5219"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5220"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Aug/16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Oct/49"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213412"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213413"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213414"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5219"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5220"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:6540", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.36.7-1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-09-15T00:00:00Z"}, {"advisory": "RHSA-2022:6634", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.36.7-1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-09-20T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution", "id": "2121645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121645"}, "csaw": true, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-787", "details": ["An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.", "A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to an out-of-bounds write. This flaw allows an attacker with network access to pass specially crafted web content files, causing arbitrary code execution."], "name": "CVE-2022-32893", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-08-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-32893\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32893\nhttps://webkitgtk.org/security/WSA-2022-0008.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "Since Red Hat Enterprise Linux 6 and 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to be addressed in future updates for RHEL-6,7. Only Important and Critical severity flaws will be addressed at this time.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object