Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-32893
HistoryAug 24, 2022 - 12:00 a.m.

CVE-2022-32893

2022-08-2400:00:00
ubuntu.com
ubuntu.com
31

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.3%

An out-of-bounds write issue was addressed with improved bounds checking.
This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1,
Safari 15.6.1. Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue may
have been actively exploited.

Notes

Author Note
jdstrand webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.3%