CVE-2022-32823

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.

Weakness

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Affected Software

Potential Mitigations

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable’s type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-32823
CWE	https://cwe.mitre.org/data/definitions/665.html

Improper Initialization

Weakness

Affected Software

Potential Mitigations

References

Name	Vendor	Start Version	End Version
Ipados	Apple	*	15.6 (excluding)
Iphone_os	Apple	*	15.6 (excluding)
Mac_os_x	Apple	10.15.7-security_update_2020-001 (including)	10.15.7-security_update_2020-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-001 (including)	10.15.7-security_update_2021-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-002 (including)	10.15.7-security_update_2021-002 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-003 (including)	10.15.7-security_update_2021-003 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-004 (including)	10.15.7-security_update_2021-004 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-005 (including)	10.15.7-security_update_2021-005 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-006 (including)	10.15.7-security_update_2021-006 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-007 (including)	10.15.7-security_update_2021-007 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-008 (including)	10.15.7-security_update_2021-008 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-001 (including)	10.15.7-security_update_2022-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-002 (including)	10.15.7-security_update_2022-002 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-003 (including)	10.15.7-security_update_2022-003 (including)
Macos	Apple	*	10.15.7 (excluding)
Macos	Apple	11.0 (including)	11.6.8 (excluding)
Macos	Apple	12.0 (including)	12.5 (excluding)
Macos	Apple	10.15.7 (including)	10.15.7 (including)
Macos	Apple	10.15.7-security_update_2022-004 (including)	10.15.7-security_update_2022-004 (including)
Tvos	Apple	*	15.6 (excluding)
Watchos	Apple	*	8.7 (excluding)

CVE-2022-32823

Improper Initialization

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References