CVE-2022-2294: WebRTC Heap Buffer Overflow Vulnerability
First published: Fri Jul 01 2022(Updated: )
WebRTC. A memory corruption issue was addressed with improved state management.
Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com Jan Vojtesek the Avast Threat Intelligence team chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <15.6 | 15.6 |
| Google Chrome | <103.0.5060.114 | |
| Fedoraproject Extra Packages For Enterprise Linux | =8.0 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| WebKitGTK WebKitGTK | <2.36.5 | |
| Wpewebkit Wpe Webkit | <2.36.5 | |
| Apple iPadOS | <15.6 | |
| Apple iPhone OS | <15.6 | |
| Apple Mac OS X | <10.15.7 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020 | |
| Apple Mac OS X | =10.15.7-security_update_2020-001 | |
| Apple Mac OS X | =10.15.7-security_update_2020-005 | |
| Apple Mac OS X | =10.15.7-security_update_2020-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-001 | |
| Apple Mac OS X | =10.15.7-security_update_2021-002 | |
| Apple Mac OS X | =10.15.7-security_update_2021-003 | |
| Apple Mac OS X | =10.15.7-security_update_2021-004 | |
| Apple Mac OS X | =10.15.7-security_update_2021-005 | |
| Apple Mac OS X | =10.15.7-security_update_2021-006 | |
| Apple Mac OS X | =10.15.7-security_update_2021-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-008 | |
| Apple Mac OS X | =10.15.7-security_update_2022-001 | |
| Apple Mac OS X | =10.15.7-security_update_2022-002 | |
| Apple Mac OS X | =10.15.7-security_update_2022-003 | |
| Apple Mac OS X | =10.15.7-security_update_2022-004 | |
| Apple macOS | <11.6.8 | |
| Apple macOS | >=12.0<12.5 | |
| Apple tvOS | <15.6 | |
| Apple watchOS | <8.7 | |
| Webrtc Project Webrtc | ||
| Apple iOS | <15.6 | 15.6 |
| Apple iPadOS | <15.6 | 15.6 |
| Apple macOS Monterey | <12.5 | 12.5 |
| Google Chrome | <103.0.5060.114 | 103.0.5060.114 |
| WebRTC WebRTC | ||
| <103.0.5060.114 | ||
| =8.0 | ||
| =35 | ||
| =36 | ||
| <2.36.5 | ||
| <2.36.5 | ||
| <15.6 | ||
| <15.6 | ||
| <10.15.7 | ||
| =10.15.7 | ||
| =10.15.7-security_update_2020 | ||
| =10.15.7-security_update_2020-001 | ||
| =10.15.7-security_update_2020-005 | ||
| =10.15.7-security_update_2020-007 | ||
| =10.15.7-security_update_2021-001 | ||
| =10.15.7-security_update_2021-002 | ||
| =10.15.7-security_update_2021-003 | ||
| =10.15.7-security_update_2021-004 | ||
| =10.15.7-security_update_2021-005 | ||
| =10.15.7-security_update_2021-006 | ||
| =10.15.7-security_update_2021-007 | ||
| =10.15.7-security_update_2021-008 | ||
| =10.15.7-security_update_2022-001 | ||
| =10.15.7-security_update_2022-002 | ||
| =10.15.7-security_update_2022-003 | ||
| =10.15.7-security_update_2022-004 | ||
| <11.6.8 | ||
| >=12.0<12.5 | ||
| <15.6 | ||
| <8.7 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213341 (Advisory)
- http://www.openwall.com/lists/oss-security/2022/07/28/2
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html (Advisory)
- https://crbug.com/1341043
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/
- https://security.gentoo.org/glsa/202208-35
- https://security.gentoo.org/glsa/202208-39
- https://support.apple.com/en-us/HT213346 (Advisory)
- https://support.apple.com/en-us/HT213345 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/
- https://security.gentoo.org/glsa/202311-11
- https://groups.google.com/g/discuss-webrtc/c/5KBtZx2gvcQ;
- https://nvd.nist.gov/vuln/detail/CVE-2022-2294
- https://kasperskycontenthub.com/threatpost-global/google-patches-c%E2%80%A6-day-of-the-year/180432/
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-48503
- CVE-2022-32784
- CVE-2022-32885
- CVE-2022-32861
- CVE-2022-32863
- CVE-2022-32792
- CVE-2022-2294
- CVE-2022-32832
- CVE-2022-32788
- CVE-2022-32824
- CVE-2022-32826
- CVE-2022-42805
- CVE-2022-32948
- CVE-2022-32845
- CVE-2022-32840
- CVE-2022-32829
- CVE-2022-32810
- CVE-2022-32820
- CVE-2022-32825
- CVE-2022-32828
- CVE-2022-32839
- CVE-2022-32819
- CVE-2022-32793
- CVE-2022-32821
- CVE-2022-32855
- CVE-2022-32849
- CVE-2022-32787
- CVE-2022-32841
- CVE-2022-32802
- CVE-2022-32830
- CVE-2022-32785
- CVE-2022-26768
- CVE-2022-32813
- CVE-2022-32815
- CVE-2022-32817
- CVE-2022-32844
- CVE-2022-26981
- CVE-2022-32823
- CVE-2022-32814
- CVE-2022-32838
- CVE-2022-32857
- CVE-2022-32816
- CVE-2022-32860
- CVE-2022-32837
- CVE-2022-32847
- CVE-2022-42858
- CVE-2022-32880
- CVE-2022-48578
- CVE-2022-32797
- CVE-2022-32851
- CVE-2022-32852
- CVE-2022-32853
- CVE-2022-32831
- CVE-2022-32910
- CVE-2022-32789
- CVE-2022-32805
- CVE-2022-32897
- CVE-2022-32811
- CVE-2022-32812
- CVE-2022-32786
- CVE-2022-32800
- CVE-2022-32843
- CVE-2022-46708
- CVE-2022-32796
- CVE-2022-32842
- CVE-2022-32798
- CVE-2022-32799
- CVE-2022-32818
- CVE-2022-32807
- CVE-2022-32801
- CVE-2021-28544
- CVE-2022-24070
- CVE-2022-29046
- CVE-2022-29048
- CVE-2022-32834
- CVE-2022-32933
- CVE-2022-32848
- CVE-2022-2295
- CVE-2022-2296
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2022-2294.
What is the title of this vulnerability?
The title of this vulnerability is WebRTC Heap Buffer Overflow Vulnerability.
What is the impact of this vulnerability?
This vulnerability allows an attacker to perform shellcode execution.
Which software is affected by this vulnerability?
Web browsers using WebRTC, including Google Chrome, Apple macOS Monterey (up to version 12.5), Apple iOS (up to version 15.6), Apple iPadOS (up to version 15.6), and Apple Safari (up to version 15.6).
Are there any references related to this vulnerability?
Yes, you can find references related to this vulnerability at the following links: [Link 1](https://groups.google.com/g/discuss-webrtc/c/5KBtZx2gvcQ), [Link 2](https://support.apple.com/en-us/HT213345), [Link 3](https://support.apple.com/en-us/HT213341).
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-119.
- collector/apple-support
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/description
- source/Apple
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/title
- exploited/true
- collector/chrome-releases
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/cisa-known-exploited
- source/CISA
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- agent/last-modified-date
- collector/threatpost
- source/Threatpost
- alias/CVE-2022-2856
- alias/CVE-2022-2852
- alias/CVE-2022-2294
- alias/CVE-2022-1364
- alias/CVE-2022-1096
- alias/CVE-2022-0609
- agent/references
- agent/tags
- agent/event
- agent/trending
- vendor/apple
- canonical/apple safari
- vendor/google
- canonical/google chrome
- vendor/fedoraproject
- canonical/fedoraproject extra packages for enterprise linux
- version/fedoraproject extra packages for enterprise linux/8.0
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/webkitgtk
- canonical/webkitgtk webkitgtk
- vendor/wpewebkit
- canonical/wpewebkit wpe webkit
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020
- version/apple mac os x/10.15.7-security_update_2020-001
- version/apple mac os x/10.15.7-security_update_2020-005
- version/apple mac os x/10.15.7-security_update_2020-007
- version/apple mac os x/10.15.7-security_update_2021-001
- version/apple mac os x/10.15.7-security_update_2021-002
- version/apple mac os x/10.15.7-security_update_2021-003
- version/apple mac os x/10.15.7-security_update_2021-004
- version/apple mac os x/10.15.7-security_update_2021-005
- version/apple mac os x/10.15.7-security_update_2021-006
- version/apple mac os x/10.15.7-security_update_2021-007
- version/apple mac os x/10.15.7-security_update_2021-008
- version/apple mac os x/10.15.7-security_update_2022-001
- version/apple mac os x/10.15.7-security_update_2022-002
- version/apple mac os x/10.15.7-security_update_2022-003
- version/apple mac os x/10.15.7-security_update_2022-004
- canonical/apple macos
- version/apple macos/12.0
- canonical/apple tvos
- canonical/apple watchos
- vendor/webrtc project
- canonical/webrtc project webrtc
- canonical/apple ios
- canonical/apple macos monterey
- vendor/webrtc
- canonical/webrtc webrtc