CVE-2022-42823

EPSS 0.52%
Published 01.11.2022 20:15:24
Last modified 21.04.2025 16:15:51
Source product-security@apple.com
Teams watchlist Login
Open Login

A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected products Warnungen 0 Metrics 3 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Safari Version < 16.1

Apple ≫ iPadOS Version < 16.0

Apple ≫ iPhone OS Version < 16.1

Apple ≫ macOS Version < 13.0

Apple ≫ tvOS Version < 16.1

Apple ≫ watchOS Version < 9.1

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Fedoraproject ≫ Fedora Version37

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.52%	0.66

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://security.gentoo.org/glsa/202305-32

https://support.apple.com/en-us/HT213488

Vendor Advisory

http://www.openwall.com/lists/oss-security/2022/11/04/4

Third Party Advisory

Mailing List

https://support.apple.com/en-us/HT213489

Vendor Advisory

https://support.apple.com/en-us/HT213495

Vendor Advisory

https://support.apple.com/en-us/HT213491

Vendor Advisory