Search for vulnerabilities
Vulnerability details: VCID-t8nb-jceg-aaaj
Vulnerability ID VCID-t8nb-jceg-aaaj
Aliases CVE-2022-22629
Summary A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22629.json
epss 0.00348 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00348 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00348 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00348 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.15445 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
epss 0.25581 https://api.first.org/data/v1/epss?cve=CVE-2022-22629
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2073899
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22629
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22629
archlinux High https://security.archlinux.org/AVG-2703
cvssv3.1 8.8 https://support.apple.com/en-us/HT213182
ssvc Track https://support.apple.com/en-us/HT213182
cvssv3.1 8.8 https://support.apple.com/en-us/HT213183
ssvc Track https://support.apple.com/en-us/HT213183
cvssv3.1 8.8 https://support.apple.com/en-us/HT213186
ssvc Track https://support.apple.com/en-us/HT213186
cvssv3.1 8.8 https://support.apple.com/en-us/HT213187
ssvc Track https://support.apple.com/en-us/HT213187
cvssv3.1 8.8 https://support.apple.com/en-us/HT213188
ssvc Track https://support.apple.com/en-us/HT213188
cvssv3.1 8.8 https://support.apple.com/en-us/HT213193
ssvc Track https://support.apple.com/en-us/HT213193
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22629.json
https://api.first.org/data/v1/epss?cve=CVE-2022-22629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22662
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://support.apple.com/en-us/HT213182
https://support.apple.com/en-us/HT213183
https://support.apple.com/en-us/HT213186
https://support.apple.com/en-us/HT213187
https://support.apple.com/en-us/HT213188
https://support.apple.com/en-us/HT213193
2073899 https://bugzilla.redhat.com/show_bug.cgi?id=2073899
AVG-2703 https://security.archlinux.org/AVG-2703
cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2022-22629 https://nvd.nist.gov/vuln/detail/CVE-2022-22629
RHSA-2022:7704 https://access.redhat.com/errata/RHSA-2022:7704
RHSA-2022:8054 https://access.redhat.com/errata/RHSA-2022:8054
USN-5394-1 https://usn.ubuntu.com/5394-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22629.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22629
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22629
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213182
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T14:46:47Z/ Found at https://support.apple.com/en-us/HT213182
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213183
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T14:46:47Z/ Found at https://support.apple.com/en-us/HT213183
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213186
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T14:46:47Z/ Found at https://support.apple.com/en-us/HT213186
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213187
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T14:46:47Z/ Found at https://support.apple.com/en-us/HT213187
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213188
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T14:46:47Z/ Found at https://support.apple.com/en-us/HT213188
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213193
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T14:46:47Z/ Found at https://support.apple.com/en-us/HT213193
Exploit Prediction Scoring System (EPSS)
Percentile 0.71460
EPSS Score 0.00348
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.