CVE-2022-2294: Heap buffer overflow in WebRTC
First published: Fri Jul 01 2022(Updated: )
WebRTC. A memory corruption issue was addressed with improved state management.
Credit: Jan Vojtesek the Avast Threat Intelligence team chrome-cve-admin@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <15.6 | 15.6 |
| <12.5 | 12.5 | |
| Apple iOS | <15.6 | 15.6 |
| Apple iPadOS | <15.6 | 15.6 |
| Google Chrome | <103.0.5060.114 | 103.0.5060.114 |
| WebRTC WebRTC | ||
| Google Chrome | <103.0.5060.114 | |
| Fedoraproject Extra Packages For Enterprise Linux | =8.0 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| WebKitGTK WebKitGTK | <2.36.5 | |
| Wpewebkit Wpe Webkit | <2.36.5 | |
| Apple iPadOS | <15.6 | |
| Apple iPhone OS | <15.6 | |
| Apple Mac OS X | <10.15.7 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020 | |
| Apple Mac OS X | =10.15.7-security_update_2020-001 | |
| Apple Mac OS X | =10.15.7-security_update_2020-005 | |
| Apple Mac OS X | =10.15.7-security_update_2020-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-001 | |
| Apple Mac OS X | =10.15.7-security_update_2021-002 | |
| Apple Mac OS X | =10.15.7-security_update_2021-003 | |
| Apple Mac OS X | =10.15.7-security_update_2021-004 | |
| Apple Mac OS X | =10.15.7-security_update_2021-005 | |
| Apple Mac OS X | =10.15.7-security_update_2021-006 | |
| Apple Mac OS X | =10.15.7-security_update_2021-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-008 | |
| Apple Mac OS X | =10.15.7-security_update_2022-001 | |
| Apple Mac OS X | =10.15.7-security_update_2022-002 | |
| Apple Mac OS X | =10.15.7-security_update_2022-003 | |
| Apple Mac OS X | =10.15.7-security_update_2022-004 | |
| Apple macOS | <11.6.8 | |
| Apple macOS | >=12.0<12.5 | |
| Apple tvOS | <15.6 | |
| Apple watchOS | <8.7 | |
| Webrtc Project Webrtc |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213341 (Advisory)
- https://support.apple.com/en-us/HT213345 (Advisory)
- https://support.apple.com/en-us/HT213346 (Advisory)
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html (Advisory)
- https://groups.google.com/g/discuss-webrtc/c/5KBtZx2gvcQ
- https://crbug.com/1341043
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/
- http://www.openwall.com/lists/oss-security/2022/07/28/2
- https://security.gentoo.org/glsa/202208-35
- https://security.gentoo.org/glsa/202208-39
- https://security.gentoo.org/glsa/202311-11
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-48503
- CVE-2022-32784
- CVE-2022-32885
- CVE-2022-32861
- CVE-2022-32863
- CVE-2022-32792
- CVE-2022-2294
- CVE-2022-42858
- CVE-2022-32832
- CVE-2022-32788
- CVE-2022-32880
- CVE-2022-32826
- CVE-2022-42805
- CVE-2022-32948
- CVE-2022-32810
- CVE-2022-32840
- CVE-2022-32845
- CVE-2022-48578
- CVE-2022-32797
- CVE-2022-32851
- CVE-2022-32852
- CVE-2022-32853
- CVE-2022-32831
- CVE-2022-32910
- CVE-2022-32820
- CVE-2022-32825
- CVE-2022-32789
- CVE-2022-32805
- CVE-2022-32828
- CVE-2022-32839
- CVE-2022-32819
- CVE-2022-32793
- CVE-2022-32821
- CVE-2022-32849
- CVE-2022-32787
- CVE-2022-32897
- CVE-2022-32802
- CVE-2022-32841
- CVE-2022-32785
- CVE-2022-32811
- CVE-2022-32812
- CVE-2022-32813
- CVE-2022-32815
- CVE-2022-32817
- CVE-2022-32829
- CVE-2022-26981
- CVE-2022-32823
- CVE-2022-32814
- CVE-2022-32786
- CVE-2022-32800
- CVE-2022-32838
- CVE-2022-32843
- CVE-2022-46708
- CVE-2022-32796
- CVE-2022-32842
- CVE-2022-32798
- CVE-2022-32799
- CVE-2022-32818
- CVE-2022-32857
- CVE-2022-32807
- CVE-2022-32801
- CVE-2021-28544
- CVE-2022-24070
- CVE-2022-29046
- CVE-2022-29048
- CVE-2022-32834
- CVE-2022-32933
- CVE-2022-32816
- CVE-2022-32860
- CVE-2022-32837
- CVE-2022-32847
- CVE-2022-32848
- CVE-2022-32824
- CVE-2022-32855
- CVE-2022-32830
- CVE-2022-26768
- CVE-2022-32844
- CVE-2022-2295
- CVE-2022-2296
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2022-2294.
What is the title of this vulnerability?
The title of this vulnerability is WebRTC Heap Buffer Overflow Vulnerability.
What is the impact of this vulnerability?
This vulnerability allows an attacker to perform shellcode execution.
Which software is affected by this vulnerability?
Web browsers using WebRTC, including Google Chrome, Apple macOS Monterey (up to version 12.5), Apple iOS (up to version 15.6), Apple iPadOS (up to version 15.6), and Apple Safari (up to version 15.6).
Are there any references related to this vulnerability?
Yes, you can find references related to this vulnerability at the following links: [Link 1](https://groups.google.com/g/discuss-webrtc/c/5KBtZx2gvcQ), [Link 2](https://support.apple.com/en-us/HT213345), [Link 3](https://support.apple.com/en-us/HT213341).
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-119.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- exploited/true
- collector/chrome-releases
- collector/cisa-known-exploited
- source/CISA
- collector/mitre-cve
- collector/nvd-api
- collector/nvd-index
- vendor/apple
- canonical/apple safari
- canonical/apple macos monterey
- canonical/apple ios
- canonical/apple ipados
- vendor/google
- canonical/google chrome
- vendor/webrtc
- canonical/webrtc webrtc
- vendor/fedoraproject
- canonical/fedoraproject extra packages for enterprise linux
- version/fedoraproject extra packages for enterprise linux/8.0
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/webkitgtk
- canonical/webkitgtk webkitgtk
- vendor/wpewebkit
- canonical/wpewebkit wpe webkit
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020
- version/apple mac os x/10.15.7-security_update_2020-001
- version/apple mac os x/10.15.7-security_update_2020-005
- version/apple mac os x/10.15.7-security_update_2020-007
- version/apple mac os x/10.15.7-security_update_2021-001
- version/apple mac os x/10.15.7-security_update_2021-002
- version/apple mac os x/10.15.7-security_update_2021-003
- version/apple mac os x/10.15.7-security_update_2021-004
- version/apple mac os x/10.15.7-security_update_2021-005
- version/apple mac os x/10.15.7-security_update_2021-006
- version/apple mac os x/10.15.7-security_update_2021-007
- version/apple mac os x/10.15.7-security_update_2021-008
- version/apple mac os x/10.15.7-security_update_2022-001
- version/apple mac os x/10.15.7-security_update_2022-002
- version/apple mac os x/10.15.7-security_update_2022-003
- version/apple mac os x/10.15.7-security_update_2022-004
- canonical/apple macos
- version/apple macos/12.0
- canonical/apple tvos
- canonical/apple watchos
- vendor/webrtc project
- canonical/webrtc project webrtc