CAN-2022-1002518

Source
https://data.gsd.id/CAN-2022-1002518
Import Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002518.json
JSON Data
https://api.osv.dev/v1/vulns/CAN-2022-1002518
Withdrawn
2023-03-14T07:04:18.320582Z
Published
2022-05-19T10:08:18.152Z
Modified
2023-03-14T07:04:18.320582Z
Summary
CWE-158: Improper Neutralization of Null Byte or NUL Character in iPhone, iPad version ALL
Details

In Apple iPhone, iPad version ALL a CWE-158: Improper Neutralization of Null Byte or NUL Character exists in the QR/Barcode Scanner that can be attacked via Phishing, Social engineering resulting in As other scanners checked, such as on various Android devices, escape or strip the QR with embedded NUL - this can lead to various attacks including phishing (Apple users will see something different than other users) and resulting in this vulnerability extending to other applications that rely on the Apple scanner

References

Affected packages

GSD / iPhone, iPad

Package

Name
iPhone, iPad

Affected ranges

Affected versions

Other

ALL