CVE-2022-22587

{"id": "CVE-2022-22587", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-03-18T18:15:12.480", "references": [{"url": "https://support.apple.com/en-us/HT213053", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213054", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213055", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.."}, {"lang": "es", "value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una comprobaci\u00f3n de entradas mejorada. Este problema es corregido en iOS versi\u00f3n 15.3 y iPadOS versi\u00f3n 15.3, macOS Big Sur versi\u00f3n 11.6.3, macOS Monterey versi\u00f3n 12.2. Una aplicaci\u00f3n maliciosa puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel. Apple est\u00e1 al tanto de un informe de que este problema puede haber sido explotado activamente"}], "lastModified": "2022-03-28T16:49:17.547", "cisaActionDue": "2022-02-11", "cisaExploitAdd": "2022-01-28", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2F6E42-576E-41AE-AA8A-606A3FF1A649", "versionEndExcluding": "15.3"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6465081-3081-4B3E-8DAD-A0E671DEF329", "versionEndExcluding": "15.3"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6846D174-7E4E-4ADC-BEEB-71BD3C15EBFC", "versionEndExcluding": "11.6.3"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8DD9232-638D-4A8C-8D11-02F4059A06F6", "versionEndExcluding": "12.2", "versionStartIncluding": "12.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple Memory Corruption Vulnerability"}