CVE-2022-32886

CVSS 8.8 HIGHEPSS 1.3%CWE-787

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.8EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

20 sep 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Productos afectados

Apple · iOS Apple · iOS and iPadOS Apple · Safari

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDNT32WIARRD2ANWKGCTTIQXI6OII7HZ/https://security.gentoo.org/glsa/202305-32 https://support.apple.com/en-us/HT213442 https://support.apple.com/en-us/HT213445 https://support.apple.com/en-us/HT213446 https://www.debian.org/security/2022/dsa-5240