Vulnerability Details : CVE-2022-32792
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2022-32792
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-32792
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
[email protected] |
CWE ids for CVE-2022-32792
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: [email protected] (Primary)
References for CVE-2022-32792
-
https://support.apple.com/en-us/HT213345
Vendor Advisory
-
https://support.apple.com/en-us/HT213346
Vendor Advisory
-
https://support.apple.com/en-us/HT213340
Vendor Advisory
-
https://support.apple.com/en-us/HT213342
Vendor Advisory
-
https://support.apple.com/en-us/HT213341
Vendor Advisory
Products affected by CVE-2022-32792
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*