Vulnerability Details : CVE-2022-26752
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2022-26752
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 30 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-26752
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-26752
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-26752
-
https://support.apple.com/en-us/HT213257
About the security content of macOS Monterey 12.4 - Apple SupportVendor Advisory
Products affected by CVE-2022-26752
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*