Search for vulnerabilities
Vulnerability details: VCID-8954-nyct-ebhk
Vulnerability ID VCID-8954-nyct-ebhk
Aliases CVE-2022-42867
Summary A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42867.json
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.01275 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.01275 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.01275 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.01275 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.05951 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
epss 0.06104 https://api.first.org/data/v1/epss?cve=CVE-2022-42867
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2022/Dec/20
ssvc Track http://seclists.org/fulldisclosure/2022/Dec/20
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2022/Dec/23
ssvc Track http://seclists.org/fulldisclosure/2022/Dec/23
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2022/Dec/26
ssvc Track http://seclists.org/fulldisclosure/2022/Dec/26
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2022/Dec/27
ssvc Track http://seclists.org/fulldisclosure/2022/Dec/27
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2022/Dec/28
ssvc Track http://seclists.org/fulldisclosure/2022/Dec/28
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42867
cvssv3.1 8.8 https://security.gentoo.org/glsa/202305-32
ssvc Track https://security.gentoo.org/glsa/202305-32
cvssv3.1 8.8 https://support.apple.com/en-us/HT213530
ssvc Track https://support.apple.com/en-us/HT213530
cvssv3.1 8.8 https://support.apple.com/en-us/HT213532
ssvc Track https://support.apple.com/en-us/HT213532
cvssv3.1 8.8 https://support.apple.com/en-us/HT213535
ssvc Track https://support.apple.com/en-us/HT213535
cvssv3.1 8.8 https://support.apple.com/en-us/HT213536
ssvc Track https://support.apple.com/en-us/HT213536
cvssv3.1 8.8 https://support.apple.com/en-us/HT213537
ssvc Track https://support.apple.com/en-us/HT213537
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2022/12/26/1
ssvc Track http://www.openwall.com/lists/oss-security/2022/12/26/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42867.json
https://api.first.org/data/v1/epss?cve=CVE-2022-42867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46700
http://seclists.org/fulldisclosure/2022/Dec/23
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1 http://www.openwall.com/lists/oss-security/2022/12/26/1
20 http://seclists.org/fulldisclosure/2022/Dec/20
202305-32 https://security.gentoo.org/glsa/202305-32
2156989 https://bugzilla.redhat.com/show_bug.cgi?id=2156989
26 http://seclists.org/fulldisclosure/2022/Dec/26
27 http://seclists.org/fulldisclosure/2022/Dec/27
28 http://seclists.org/fulldisclosure/2022/Dec/28
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2022-42867 https://nvd.nist.gov/vuln/detail/CVE-2022-42867
HT213530 https://support.apple.com/en-us/HT213530
HT213532 https://support.apple.com/en-us/HT213532
HT213535 https://support.apple.com/en-us/HT213535
HT213536 https://support.apple.com/en-us/HT213536
HT213537 https://support.apple.com/en-us/HT213537
RHSA-2023:2256 https://access.redhat.com/errata/RHSA-2023:2256
RHSA-2023:2834 https://access.redhat.com/errata/RHSA-2023:2834
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-5797-1 https://usn.ubuntu.com/5797-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42867.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Dec/20
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at http://seclists.org/fulldisclosure/2022/Dec/20
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Dec/23
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at http://seclists.org/fulldisclosure/2022/Dec/23
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Dec/26
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at http://seclists.org/fulldisclosure/2022/Dec/26
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Dec/27
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at http://seclists.org/fulldisclosure/2022/Dec/27
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Dec/28
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at http://seclists.org/fulldisclosure/2022/Dec/28
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-42867
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202305-32
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at https://security.gentoo.org/glsa/202305-32
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213530
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at https://support.apple.com/en-us/HT213530
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213532
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at https://support.apple.com/en-us/HT213532
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213535
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at https://support.apple.com/en-us/HT213535
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213536
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at https://support.apple.com/en-us/HT213536
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213537
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at https://support.apple.com/en-us/HT213537
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2022/12/26/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:42:36Z/ Found at http://www.openwall.com/lists/oss-security/2022/12/26/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.72193
EPSS Score 0.00745
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:11.026816+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5797-1/ 37.0.0