Search for vulnerabilities
Vulnerability details: VCID-hr82-sub8-aaaa
Vulnerability ID VCID-hr82-sub8-aaaa
Aliases CVE-2022-22628
Summary A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22628.json
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00297 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00297 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00297 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00297 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
epss 0.00338 https://api.first.org/data/v1/epss?cve=CVE-2022-22628
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2073896
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22628
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22628
archlinux High https://security.archlinux.org/AVG-2703
cvssv3.1 8.8 https://support.apple.com/en-us/HT213182
ssvc Track https://support.apple.com/en-us/HT213182
cvssv3.1 8.8 https://support.apple.com/en-us/HT213183
ssvc Track https://support.apple.com/en-us/HT213183
cvssv3.1 8.8 https://support.apple.com/en-us/HT213186
ssvc Track https://support.apple.com/en-us/HT213186
cvssv3.1 8.8 https://support.apple.com/en-us/HT213187
ssvc Track https://support.apple.com/en-us/HT213187
cvssv3.1 8.8 https://support.apple.com/en-us/HT213193
ssvc Track https://support.apple.com/en-us/HT213193
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22628.json
https://api.first.org/data/v1/epss?cve=CVE-2022-22628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22662
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://support.apple.com/en-us/HT213182
https://support.apple.com/en-us/HT213183
https://support.apple.com/en-us/HT213186
https://support.apple.com/en-us/HT213187
https://support.apple.com/en-us/HT213193
2073896 https://bugzilla.redhat.com/show_bug.cgi?id=2073896
AVG-2703 https://security.archlinux.org/AVG-2703
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2022-22628 https://nvd.nist.gov/vuln/detail/CVE-2022-22628
RHSA-2022:7704 https://access.redhat.com/errata/RHSA-2022:7704
RHSA-2022:8054 https://access.redhat.com/errata/RHSA-2022:8054
USN-5394-1 https://usn.ubuntu.com/5394-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22628.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213182
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213182
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213183
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213183
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213186
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213186
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213187
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213187
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213193
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T15:19:44Z/ Found at https://support.apple.com/en-us/HT213193
Exploit Prediction Scoring System (EPSS)
Percentile 0.26365
EPSS Score 0.0011
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.