CVE-2022-42841

CVSS V2 None CVSS V3 None

Description

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution.

Overview

CVE ID
CVE-2022-42841

Assigner
product-security@apple.com

Vulnerability Status
Analyzed

Published Version
2022-12-15T19:15:23

Last Modified Date
2023-01-09T17:00:32

Weakness Enumerations

CWE	URL
CWE-843	http://cwe.mitre.org/data/definitions/843.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:o:apple:macos::::::::	1	OR	11.0	11.7.2
cpe:2.3:o:apple:macos::::::::	1	OR	12.0.0	12.6.2
cpe:2.3:o:apple:macos:13.0:::::::*	1	OR

References

Reference URL	Reference Tags
http://seclists.org/fulldisclosure/2022/Dec/23
http://seclists.org/fulldisclosure/2022/Dec/24
http://seclists.org/fulldisclosure/2022/Dec/25
https://support.apple.com/en-us/HT213532	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213533	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213534	Release Notes Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-42841
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42841

History

Created	Old Value	New Value	Data Type	Notes
2022-12-15 19:16:06				Added to TrackCVE
2022-12-15 20:15:26	2022-12-15T19:15:23.730	2022-12-15T19:15:23	CVE Published Date	updated
2022-12-15 20:15:26		2022-12-15T19:56:28	CVE Modified Date	updated
2022-12-15 20:15:26	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-18 18:16:41	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-19 21:14:58		2022-12-19T20:05:31	CVE Modified Date	updated
2022-12-19 21:14:58	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-19 21:14:59		CWE-843	Weakness Enumeration	new
2022-12-19 21:15:04			CPE Information	updated
2022-12-21 07:02:32		2022-12-21T06:15:10	CVE Modified Date	updated
2022-12-21 07:02:32	Analyzed	Modified	Vulnerability Status	updated
2022-12-21 07:02:35			References	updated
2022-12-21 17:14:55	Modified	Undergoing Analysis	Vulnerability Status	updated
2023-01-09 17:16:42		2023-01-09T17:00:32	CVE Modified Date	updated
2023-01-09 17:16:42	Undergoing Analysis	Analyzed	Vulnerability Status	updated