CVE-2022-42800
Published: 1 November 2022
This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.
Notes
| Author | Note |
|---|---|
| mdeslaur | since 3.1.3-7, rsync builds with the system zlib as of 2022-12-06, no indication that is isn't an Apple-specific issue, marking as not-affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
rsync Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| jammy |
Not vulnerable
(uses system zlib)
|
|
| kinetic |
Not vulnerable
(uses system zlib)
|
|
| trusty |
Not vulnerable
(uses system zlib)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
zlib Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Not vulnerable
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://support.apple.com/en-us/HT213488
- https://support.apple.com/en-us/HT213494
- https://support.apple.com/en-us/HT213493
- https://support.apple.com/en-us/HT213490
- https://support.apple.com/en-us/HT213491
- https://support.apple.com/en-us/HT213489
- https://www.cve.org/CVERecord?id=CVE-2022-42800
- NVD
- Launchpad
- Debian