CVE-2022-42837 | Vulnerability Database | Aqua Security

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	15.0 (including)	15.7.2 (excluding)
Ipados	Apple	16.0 (including)	16.2 (excluding)
Iphone_os	Apple	15.0 (including)	15.7.2 (excluding)
Iphone_os	Apple	16.0 (including)	16.2 (excluding)
Macos	Apple	13.0 (including)	13.0 (including)
Watchos	Apple	*	9.2 (excluding)

References

http://seclists.org/fulldisclosure/2022/Dec/20
http://seclists.org/fulldisclosure/2022/Dec/21
http://seclists.org/fulldisclosure/2022/Dec/23
http://seclists.org/fulldisclosure/2022/Dec/27
https://support.apple.com/en-us/HT213530
https://support.apple.com/en-us/HT213531
https://support.apple.com/en-us/HT213532
https://support.apple.com/en-us/HT213536
https://support.apple.com/kb/HT213535

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-42837
CWE	https://cwe.mitre.org/data/definitions/.html