CVE-2023-41983
Vulnerability from cvelistv5
Published
2023-10-25 18:32
Modified
2024-08-02 19:09
Severity ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.
References
product-security@apple.comhttp://seclists.org/fulldisclosure/2023/Oct/19Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2023/Oct/23Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2023/Oct/24Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2023/Oct/27Mailing List, Third Party Advisory
product-security@apple.comhttp://www.openwall.com/lists/oss-security/2023/11/15/1Mailing List
product-security@apple.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/Mailing List, Third Party Advisory
product-security@apple.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/Mailing List, Third Party Advisory
product-security@apple.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/Mailing List
product-security@apple.comhttps://security.gentoo.org/glsa/202401-33
product-security@apple.comhttps://support.apple.com/en-us/HT213981Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213982Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213984Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213986Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/kb/HT213984Vendor Advisory
product-security@apple.comhttps://www.debian.org/security/2023/dsa-5557Third Party Advisory
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:09:49.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213981"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213986"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/19"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5557"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-33"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing web content may lead to a denial-of-service",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-25T18:32:02.613Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213981"
        },
        {
          "url": "https://support.apple.com/en-us/HT213986"
        },
        {
          "url": "https://support.apple.com/en-us/HT213984"
        },
        {
          "url": "https://support.apple.com/en-us/HT213982"
        },
        {
          "url": "https://support.apple.com/kb/HT213984"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Oct/23"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Oct/19"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Oct/27"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Oct/24"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5557"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-33"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-41983",
    "datePublished": "2023-10-25T18:32:02.613Z",
    "dateReserved": "2023-09-06T17:40:06.140Z",
    "dateUpdated": "2024-08-02T19:09:49.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-41983\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-10-25T19:15:10.110\",\"lastModified\":\"2024-01-31T15:15:10.187\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.\"},{\"lang\":\"es\",\"value\":\"El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. El procesamiento de contenido web puede dar lugar a una Denegaci\u00f3n de Servicio (DoS).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"84250563-E42D-4F36-ACB0-081804E27FA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.7.2\",\"matchCriteriaId\":\"3DFB829A-82EA-40BB-81F9-AD4F69F24ABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"387C5D63-833F-4407-A402-501DEF4E15AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.7.2\",\"matchCriteriaId\":\"5EB9EAAE-441A-4844-BCB2-1716FD9ACE85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"F53A32D0-DB67-40D7-B14E-3963E696A77E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.1\",\"matchCriteriaId\":\"F9F52915-10F1-4514-B839-F6DC74B53555\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/19\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/23\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/24\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/27\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/15/1\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-33\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT213981\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213982\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213984\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213986\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213984\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5557\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.