CVE-2022-42824

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

Published: Nov 1, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-42824
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / macos	-	13.0
apple / watchos	-	9.1
apple / tvos	-	16.1
apple / ipados	-	16.0
apple / iphone_os	-	16.1
apple / safari	-	16.1
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x
fedoraproject / fedora	37	37.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x

http://www.openwall.com/lists/oss-security/2022/11/04/4
https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/
https://lists.fedoraproject.org/archives/list/[email protected]/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/
https://lists.fedoraproject.org/archives/list/[email protected]/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/
https://security.gentoo.org/glsa/202305-32
https://support.apple.com/en-us/HT213488
https://support.apple.com/en-us/HT213489
https://support.apple.com/en-us/HT213491
https://support.apple.com/en-us/HT213492
https://support.apple.com/en-us/HT213495
https://www.debian.org/security/2022/dsa-5273
https://www.debian.org/security/2022/dsa-5274

Vulnerability Database

290,020

CVE-2022-42824