CVE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*

History

26 Jun 2024, 20:01

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
References () http://seclists.org/fulldisclosure/2023/Dec/12 - () http://seclists.org/fulldisclosure/2023/Dec/12 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2023/Dec/13 - () http://seclists.org/fulldisclosure/2023/Dec/13 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2023/Dec/3 - () http://seclists.org/fulldisclosure/2023/Dec/3 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2023/Dec/4 - () http://seclists.org/fulldisclosure/2023/Dec/4 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2023/Dec/5 - () http://seclists.org/fulldisclosure/2023/Dec/5 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2023/Dec/8 - () http://seclists.org/fulldisclosure/2023/Dec/8 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2024/Jan/35 - () http://seclists.org/fulldisclosure/2024/Jan/35 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2023/12/05/1 - Third Party Advisory () http://www.openwall.com/lists/oss-security/2023/12/05/1 - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/ - Mailing List, Release Notes
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/ - Mailing List, Release Notes
References () https://security.gentoo.org/glsa/202401-04 - () https://security.gentoo.org/glsa/202401-04 - Third Party Advisory
References () https://support.apple.com/kb/HT214033 - () https://support.apple.com/kb/HT214033 - Vendor Advisory
References () https://support.apple.com/kb/HT214034 - () https://support.apple.com/kb/HT214034 - Vendor Advisory
References () https://support.apple.com/kb/HT214062 - () https://support.apple.com/kb/HT214062 - Vendor Advisory
References () https://www.debian.org/security/2023/dsa-5575 - () https://www.debian.org/security/2023/dsa-5575 - Mailing List, Third Party Advisory
First Time Debian
Debian debian Linux
Webkitgtk webkitgtk\+
Fedoraproject fedora
Webkitgtk
Fedoraproject

12 Jun 2024, 10:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214033 -
  • () https://support.apple.com/kb/HT214034 -

10 Jun 2024, 16:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214062 -

26 Jan 2024, 17:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jan/35 -

05 Jan 2024, 14:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202401-04 -

13 Dec 2023, 03:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2023/Dec/4 -
  • () http://seclists.org/fulldisclosure/2023/Dec/13 -
  • () http://seclists.org/fulldisclosure/2023/Dec/12 -
  • () http://seclists.org/fulldisclosure/2023/Dec/8 -
  • () http://seclists.org/fulldisclosure/2023/Dec/5 -

13 Dec 2023, 00:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2023/Dec/3 -

12 Dec 2023, 02:15

Type Values Removed Values Added
References
  • () https://www.debian.org/security/2023/dsa-5575 -

09 Dec 2023, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/ -

06 Dec 2023, 16:27

Type Values Removed Values Added
References () https://support.apple.com/en-us/HT214033 - () https://support.apple.com/en-us/HT214033 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/HT214031 - () https://support.apple.com/en-us/HT214031 - Release Notes, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2023/12/05/1 - () http://www.openwall.com/lists/oss-security/2023/12/05/1 - Third Party Advisory
References () https://support.apple.com/en-us/HT214032 - () https://support.apple.com/en-us/HT214032 - Release Notes, Vendor Advisory
CPE cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

05 Dec 2023, 15:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2023/12/05/1 -

30 Nov 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-30 23:15

Updated : 2024-06-26 20:01


NVD link : CVE-2023-42917

Mitre link : CVE-2023-42917

CVE.ORG link : CVE-2023-42917


JSON object : View

Products Affected

apple

  • macos
  • ipados
  • safari
  • iphone_os

webkitgtk

  • webkitgtk\+

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write