CVE-2022-32788 - Vulnerability Details - OpenCVE

A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Apple	Ipados Iphone Os Macos Tvos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/HT213340
https://support.apple.com/en-us/HT213342
https://support.apple.com/en-us/HT213345
https://support.apple.com/en-us/HT213346

History

Wed, 28 May 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2022-09-20T20:19:07.000Z

Updated: 2025-05-28T15:49:51.074Z

Reserved: 2022-06-09T00:00:00.000Z

Link: CVE-2022-32788

Vulnrichment

Updated: 2024-08-03T07:46:45.277Z

NVD

Status : Modified

Published: 2022-09-20T21:15:10.537

Modified: 2025-05-28T16:15:23.463

Link: CVE-2022-32788

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "12.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "15.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "8.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "15.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution."}], "problemTypes": [{"descriptions": [{"description": "A remote user may be able to cause kernel code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-20T20:19:07.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213345"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213340"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213342"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213346"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-32788", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "12.5"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.6"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "8.7"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.6"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A remote user may be able to cause kernel code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT213345", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213345"}, {"name": "https://support.apple.com/en-us/HT213340", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213340"}, {"name": "https://support.apple.com/en-us/HT213342", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213342"}, {"name": "https://support.apple.com/en-us/HT213346", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213346"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:45.277Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213345"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213340"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213342"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213346"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-28T15:49:47.596108Z", "id": "CVE-2022-32788", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T15:49:51.074Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-32788", "datePublished": "2022-09-20T20:19:07.000Z", "dateReserved": "2022-06-09T00:00:00.000Z", "dateUpdated": "2025-05-28T15:49:51.074Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213345", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213340", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213342", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213346", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:45.277Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-32788", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-28T15:49:47.596108Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T15:49:42.782Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213345", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT213340", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT213342", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT213346", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "A remote user may be able to cause kernel code execution"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2022-09-20T20:19:07.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "12.5", "version_affected": "<"}]}, "product_name": "macOS"}, {"version": {"version_data": [{"version_value": "15.6", "version_affected": "<"}]}, "product_name": "tvOS"}, {"version": {"version_data": [{"version_value": "8.7", "version_affected": "<"}]}, "product_name": "watchOS"}, {"version": {"version_data": [{"version_value": "15.6", "version_affected": "<"}]}, "product_name": "watchOS"}]}, "vendor_name": "Apple"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT213345", "name": "https://support.apple.com/en-us/HT213345", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213340", "name": "https://support.apple.com/en-us/HT213340", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213342", "name": "https://support.apple.com/en-us/HT213342", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213346", "name": "https://support.apple.com/en-us/HT213346", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A remote user may be able to cause kernel code execution"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-32788", "STATE": "PUBLIC", "ASSIGNER": "product-security@apple.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-32788", "state": "PUBLISHED", "dateUpdated": "2025-05-28T15:49:51.074Z", "dateReserved": "2022-06-09T00:00:00.000Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2022-09-20T20:19:07.000Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E4F87A-8003-43EB-99F7-35C82AEA4DC0", "versionEndExcluding": "15.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6FA9FE3-1891-405C-B191-04CAB84ADD46", "versionEndExcluding": "15.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F86C9DC9-3814-4254-A332-257455B6880A", "versionEndExcluding": "12.5", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "83FC1965-2381-49FF-9521-355D29B28B71", "versionEndExcluding": "15.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EB2AF3C-B2A0-41AD-9C3E-14B220620FF0", "versionEndExcluding": "8.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution."}, {"lang": "es", "value": "Se abord\u00f3 un desbordamiento del b\u00fafer con una comprobaci\u00f3n de l\u00edmites mejorada. Este problema es corregido en watchOS versi\u00f3n 8.7, tvOS versi\u00f3n 15.6, iOS versi\u00f3n 15.6 y iPadOS versi\u00f3n 15.6, macOS Monterey versi\u00f3n 12.5. Un usuario remoto puede ser capaz de causar una ejecuci\u00f3n de c\u00f3digo del kernel"}], "id": "CVE-2022-32788", "lastModified": "2025-05-28T16:15:23.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-09-20T21:15:10.537", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213340"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213342"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213345"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213346"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213340"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213346"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}