CVE-2022-32893
HIGH KEVSafari < 15.6.1 - Out-of-bounds Write via Malicious Web Content
Title source: llmExploitation Summary
CVE-2022-32893 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 18, 2022.
Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References (18)
Core 18
Core References
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/08/25/5
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/08/26/2
Broken Link vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/
Mailing List, Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5220
Mailing List, Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5219
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/08/29/1
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/08/29/2
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202208-39
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Aug/16
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/09/02/10
Broken Link vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/09/13/1
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/49
Vendor Advisory
https://support.apple.com/en-us/HT213412
Vendor Advisory
https://support.apple.com/en-us/HT213413
Vendor Advisory
https://support.apple.com/en-us/HT213414
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32893
Scores
CVSS v3
8.8
EPSS
0.0009
EPSS Percentile
25.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-08-18
VulnCheck KEV
2022-08-17
InTheWild.io
2022-08-17
ENISA EUVD
EUVD-2022-35959
CWE
CWE-787
Status
published
Products (10)
apple/ipados
< 15.6.1
apple/iphone_os
< 15.6.1
apple/macos
12.0 - 12.5.1
apple/safari
< 15.6.1
debian/debian_linux
10.0
debian/debian_linux
11.0
fedoraproject/fedora
35
fedoraproject/fedora
36
webkitgtk/webkitgtk
< 2.36.7
wpewebkit/wpe_webkit
< 2.36.7
Published
Aug 24, 2022
KEV Added
Aug 18, 2022
Tracked Since
Feb 18, 2026