Lucene search

K
nvd[email protected]NVD:CVE-2022-22624
HistorySep 23, 2022 - 7:15 p.m.

CVE-2022-22624

2022-09-2319:15:10
CWE-416
web.nvd.nist.gov
2
use after free
memory management
macos 12.3
ios 15.4
ipados 15.4
tvos 15.4
safari 15.4
arbitrary code execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.3%

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected configurations

NVD
Node
applesafariRange<15.4
OR
appleipad_osRange<15.4
OR
appleiphone_osRange<15.4
OR
applemacosRange12.012.3

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.3%