Vulnerability Name:

CVE-2022-22590

Assigned:2022-01-05
Published:2022-01-05
Updated:2024-06-01
Summary:A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
References:Source: MITRE
Type: CNA
CVE-2022-22590

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8033
    P
    		libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7603
    P
    		libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7941
    P
    		libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3401
    P
    		xen-4.12.1_06-1.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3018
    P
    		augeas-1.10.1-2.6 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3320
    P
    		pam_yubico-2.26-1.25 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94648
    P
    		libjavascriptcoregtk-4_0-18-2.36.0-150400.2.13 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94950
    P
    		libjavascriptcoregtk-4_1-0-2.36.0-150400.2.13 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95031
    P
    		libjavascriptcoregtk-5_0-0-2.36.0-150400.2.12 on GA media (Moderate)
    2022-06-22
    oval:com.redhat.rhsa:def:20221777
    P
    		RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate)
    2022-05-10
    oval:org.opensuse.security:def:119014
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:101647
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119687
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:1088
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119125
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:101766
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119319
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:118824
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119502
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:955
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-04
    oval:org.opensuse.security:def:127369
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-03
    oval:org.opensuse.security:def:5358
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-03
    oval:org.opensuse.security:def:125808
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-03
    oval:org.opensuse.security:def:6178
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-03
    oval:org.opensuse.security:def:126971
    P
    		Security update for webkit2gtk3 (Important)
    2022-03-03
    BACK