Lucene search

[email protected]NVD:CVE-2023-42890

HistoryDec 12, 2023 - 1:15 a.m.

CVE-2023-42890

2023-12-1201:15:11

[email protected]

web.nvd.nist.gov

memory handling

safari 17.2

macos sonoma 14.2

watchos 10.2

ios 17.2

ipados 17.2

tvos 17.2

web content

arbitrary code execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

51.7%

JSON

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

Affected configurations

NVD

Node

applesafariRange<17.2

appleipadosRange<17.2

appleiphone_osRange<17.2

applemacosRange14.0–14.2

appletvosRange<17.2

applewatchosRange<10.2

References

seclists.org/fulldisclosure/2023/Dec/12

seclists.org/fulldisclosure/2023/Dec/13

seclists.org/fulldisclosure/2023/Dec/6

seclists.org/fulldisclosure/2023/Dec/7

seclists.org/fulldisclosure/2023/Dec/9

www.openwall.com/lists/oss-security/2023/12/18/1

security.gentoo.org/glsa/202401-33

support.apple.com/en-us/HT214035

support.apple.com/en-us/HT214036

support.apple.com/en-us/HT214039

support.apple.com/en-us/HT214040

support.apple.com/en-us/HT214041

support.apple.com/kb/HT214039

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

51.7%

JSON

Related for NVD:CVE-2023-42890

debiancve1 prion1 osv5 cve1 ubuntucve1 cvelist1 redhatcve1 nessus14 amazon1 openvas9 apple5 thn1 oraclelinux2 redhat2 almalinux2 rocky1 gentoo1 mageia1