Lucene search

K

[email protected]NVD:CVE-2023-42950

HistoryMar 28, 2024 - 4:15 p.m.

CVE-2023-42950

2024-03-2816:15:08

[email protected]

web.nvd.nist.gov

1

memory management

safari

ios

ipados

tvos

watchos

macos sonoma

arbitrary code execution

malicious web content

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.8%

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected configurations

NVD

Node

applesafariRange<17.2

OR

appleipadosRange<17.2

OR

appleiphone_osRange<17.2

OR

applemacosRange14.0–14.2

OR

appletvosRange<17.2

OR

applewatchosRange<10.2

References

www.openwall.com/lists/oss-security/2024/03/26/1

lists.fedoraproject.org/archives/list/[email protected]/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

support.apple.com/en-us/HT214035

support.apple.com/en-us/HT214036

support.apple.com/en-us/HT214039

support.apple.com/en-us/HT214040

support.apple.com/en-us/HT214041

support.apple.com/kb/HT214039

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.8%

Related for NVD:CVE-2023-42950

osv3 cvelist1 ubuntucve1 cve1 redhatcve1 debiancve1 amazon1 nessus12 apple5 openvas10 fedora1 debian1 ubuntu1 mageia1