CVE-2022-42856

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-42856

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42856.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-42856

Downstream

DEBIAN-CVE-2022-42856

DLA-3274-1

DSA-5308-1

DSA-5309-1

RHSA-2023:0016

RHSA-2023:0021

RHSA-2025:10364

SUSE-SU-2022:4634-1

SUSE-SU-2022:4641-1

SUSE-SU-2022:4642-1

SUSE-SU-2023:0061-1

UBUNTU-CVE-2022-42856

USN-5797-1

Related

Published

2022-12-15T19:15:25Z

Modified

2025-08-09T19:01:28Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

References

Affected packages