{"api_version":"1","generated_at":"2026-04-23T02:37:55+00:00","cve":"CVE-2022-42823","urls":{"html":"https://cve.report/CVE-2022-42823","api":"https://cve.report/api/cve/CVE-2022-42823.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-42823","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-42823"},"summary":{"title":"CVE-2022-42823","description":"A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2022-11-01 20:15:00","updated_at":"2023-11-07 03:53:00"},"problem_types":["CWE-843"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT213491","name":"https://support.apple.com/en-us/HT213491","refsource":"MISC","tags":[],"title":"About the security content of watchOS 9.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/","name":"FEDORA-2022-e7726761c4","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: webkit2gtk3-2.38.2-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/","name":"FEDORA-2022-e7726761c4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: webkit2gtk3-2.38.2-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/11/04/4","name":"[oss-security] 20221104 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010","refsource":"MLIST","tags":[],"title":"oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/","name":"FEDORA-2022-08fdc4138a","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: webkitgtk-2.38.2-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/","name":"FEDORA-2022-ce32af66d6","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: webkit2gtk3-2.38.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202305-32","name":"GLSA-202305-32","refsource":"GENTOO","tags":[],"title":"WebKitGTK+: Multiple Vulnerabilities (GLSA 202305-32) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT213492","name":"https://support.apple.com/en-us/HT213492","refsource":"MISC","tags":[],"title":"About the security content of tvOS 16.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213495","name":"https://support.apple.com/en-us/HT213495","refsource":"MISC","tags":[],"title":"About the security content of Safari 16.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/","name":"FEDORA-2022-ce32af66d6","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: webkit2gtk3-2.38.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5274","name":"DSA-5274","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5274-1 wpewebkit","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/","name":"FEDORA-2022-08fdc4138a","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: webkitgtk-2.38.2-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html","name":"[debian-lts-announce] 20221109 [SECURITY] [DLA 3183-1] webkit2gtk security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3183-1] webkit2gtk security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT213488","name":"https://support.apple.com/en-us/HT213488","refsource":"MISC","tags":[],"title":"About the security content of macOS Ventura 13 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213489","name":"https://support.apple.com/en-us/HT213489","refsource":"MISC","tags":[],"title":"About the security content of iOS 16.1 and iPadOS 16 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2022/dsa-5273","name":"DSA-5273","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5273-1 webkit2gtk","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-42823","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42823","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42823","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-42823","qid":"160629","title":"Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2023-2256)"},{"cve":"CVE-2022-42823","qid":"160691","title":"Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2023-2834)"},{"cve":"CVE-2022-42823","qid":"181199","title":"Debian Security Update for webkit2gtk (DSA 5273-1)"},{"cve":"CVE-2022-42823","qid":"181200","title":"Debian Security Update for wpewebkit (DSA 5274-1)"},{"cve":"CVE-2022-42823","qid":"181201","title":"Debian Security Update for webkit2gtk (DLA 3183-1)"},{"cve":"CVE-2022-42823","qid":"181959","title":"Debian Security Update for webkit2gtkwpewebkit (CVE-2022-42823)"},{"cve":"CVE-2022-42823","qid":"199032","title":"Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-5730-1)"},{"cve":"CVE-2022-42823","qid":"241472","title":"Red Hat Update for webkit2gtk3 (RHSA-2023:2256)"},{"cve":"CVE-2022-42823","qid":"241497","title":"Red Hat Update for webkit2gtk3 (RHSA-2023:2834)"},{"cve":"CVE-2022-42823","qid":"283291","title":"Fedora Security Update for webkit2gtk3 (FEDORA-2022-ce32af66d6)"},{"cve":"CVE-2022-42823","qid":"283317","title":"Fedora Security Update for webkit2gtk3 (FEDORA-2022-e7726761c4)"},{"cve":"CVE-2022-42823","qid":"283434","title":"Fedora Security Update for webkitgtk (FEDORA-2022-08fdc4138a)"},{"cve":"CVE-2022-42823","qid":"354765","title":"Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-1960"},{"cve":"CVE-2022-42823","qid":"377691","title":"Apple Safari Multiple Vulnerabilities (HT213495)"},{"cve":"CVE-2022-42823","qid":"610441","title":"Apple iOS 16.1 and iPadOS 16 Security Update Missing"},{"cve":"CVE-2022-42823","qid":"710737","title":"Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202305-32)"},{"cve":"CVE-2022-42823","qid":"752912","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:4207-1)"},{"cve":"CVE-2022-42823","qid":"752945","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:4283-1)"},{"cve":"CVE-2022-42823","qid":"752946","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:4284-1)"},{"cve":"CVE-2022-42823","qid":"752961","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:4285-1)"},{"cve":"CVE-2022-42823","qid":"941009","title":"AlmaLinux Security Update for webkit2gtk3 (ALSA-2023:2256)"},{"cve":"CVE-2022-42823","qid":"941078","title":"AlmaLinux Security Update for webkit2gtk3 (ALSA-2023:2834)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-42823","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"13"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"16.1"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"16.1"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"16.1"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_value":"9.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing maliciously crafted web content may lead to arbitrary code execution"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213488","name":"https://support.apple.com/en-us/HT213488"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213489","name":"https://support.apple.com/en-us/HT213489"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213492","name":"https://support.apple.com/en-us/HT213492"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213495","name":"https://support.apple.com/en-us/HT213495"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213491","name":"https://support.apple.com/en-us/HT213491"},{"refsource":"MLIST","name":"[oss-security] 20221104 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010","url":"http://www.openwall.com/lists/oss-security/2022/11/04/4"},{"refsource":"FEDORA","name":"FEDORA-2022-08fdc4138a","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/"},{"refsource":"DEBIAN","name":"DSA-5273","url":"https://www.debian.org/security/2022/dsa-5273"},{"refsource":"DEBIAN","name":"DSA-5274","url":"https://www.debian.org/security/2022/dsa-5274"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221109 [SECURITY] [DLA 3183-1] webkit2gtk security update","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html"},{"refsource":"FEDORA","name":"FEDORA-2022-ce32af66d6","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/"},{"refsource":"FEDORA","name":"FEDORA-2022-e7726761c4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/"},{"refsource":"GENTOO","name":"GLSA-202305-32","url":"https://security.gentoo.org/glsa/202305-32"}]},"description":{"description_data":[{"lang":"eng","value":"A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution."}]}},"nvd":{"publishedDate":"2022-11-01 20:15:00","lastModifiedDate":"2023-11-07 03:53:00","problem_types":["CWE-843"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"13.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"9.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"16.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"16.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"16.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"16.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}