Vulnerability-Lookup

CVE-2023-42917 (GCVE-0-2023-42917)

Vulnerability from cvelistv5 – Published: 2023-11-30 22:18 – Updated: 2025-10-21 23:05

CISA KEV

Summary

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Assigner

apple

References

18 references

URL	Tags
https://support.apple.com/en-us/HT214033
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214031
https://support.apple.com/kb/HT214033
http://www.openwall.com/lists/oss-security/2023/12/05/1
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://support.apple.com/kb/HT214034
https://www.debian.org/security/2023/dsa-5575
http://seclists.org/fulldisclosure/2023/Dec/3
http://seclists.org/fulldisclosure/2023/Dec/4
http://seclists.org/fulldisclosure/2023/Dec/5
http://seclists.org/fulldisclosure/2023/Dec/8
http://seclists.org/fulldisclosure/2023/Dec/13
http://seclists.org/fulldisclosure/2023/Dec/12
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/kb/HT214062
http://seclists.org/fulldisclosure/2024/Jan/35

Impacted products

3 products

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 17.1 (custom)
Apple	macOS	Affected: unspecified , < 14.1 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 17.1 (custom)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 6dacc5fd-d355-413b-8617-2441eafc9aa8

Vulnerability ID: CVE-2023-42917

Status: Confirmed

Status Updated: 2023-12-04 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2023-12-04

Asserted: 2023-12-04

Scope

Notes: KEV entry: Apple Multiple Products WebKit Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2023-12-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ; https://nvd.nist.gov/vuln/detail/CVE-2023-42917

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-787
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Multiple Products
Due Date	2023-12-25
Date Added	2023-12-04
Vendorproject	Apple
Vulnerabilityname	Apple Multiple Products WebKit Memory Corruption Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2023-42917

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214033"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214032"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214031"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214033"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214034"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5575"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Dec/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Dec/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Dec/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Dec/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Dec/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Dec/12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-04"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/35"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-42917",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-02T05:00:19.060611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-12-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:31.441Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-12-04T00:00:00.000Z",
            "value": "CVE-2023-42917 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T09:05:54.874Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214033"
        },
        {
          "url": "https://support.apple.com/en-us/HT214032"
        },
        {
          "url": "https://support.apple.com/en-us/HT214031"
        },
        {
          "url": "https://support.apple.com/kb/HT214033"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/"
        },
        {
          "url": "https://support.apple.com/kb/HT214034"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5575"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/3"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/4"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/5"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/8"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/13"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/12"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-04"
        },
        {
          "url": "https://support.apple.com/kb/HT214062"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/35"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-42917",
    "datePublished": "2023-11-30T22:18:50.340Z",
    "dateReserved": "2023-09-14T19:05:11.463Z",
    "dateUpdated": "2025-10-21T23:05:31.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-42917",
      "cwes": "[\"CWE-787\"]",
      "dateAdded": "2023-12-04",
      "dueDate": "2023-12-25",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
      "product": "Multiple Products",
      "requiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",
      "shortDescription": "Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple Multiple Products WebKit Memory Corruption Vulnerability"
    },
    "epss": {
      "cve": "CVE-2023-42917",
      "date": "2026-05-20",
      "epss": "0.0009",
      "percentile": "0.25325"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-12-25",
      "cisaExploitAdd": "2023-12-04",
      "cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",
      "cisaVulnerabilityName": "Apple Multiple Products WebKit Memory Corruption Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"17.1.2\", \"matchCriteriaId\": \"FB99F7C8-7DB8-41EB-817C-CCA0B26A8573\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.8.1\", \"matchCriteriaId\": \"328EF092-09AD-4809-A921-7390D4CE4BFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0\", \"versionEndExcluding\": \"16.7.3\", \"matchCriteriaId\": \"47A8EDA8-BDDB-413A-AF89-C10FD7B1EA06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.0\", \"versionEndExcluding\": \"17.1.2\", \"matchCriteriaId\": \"3DA5F940-604E-4F88-BB50-51EC9A39E8A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.8.1\", \"matchCriteriaId\": \"7A20BCB8-8DB0-495A-8946-036926C91E96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0\", \"versionEndExcluding\": \"16.7.3\", \"matchCriteriaId\": \"D8EBFB96-37E1-4861-83BB-ECE8770C9153\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.0\", \"versionEndExcluding\": \"17.1.2\", \"matchCriteriaId\": \"89BC75AA-3A30-4D2B-80C3-C3F754689AC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14.1.2\", \"matchCriteriaId\": \"A5BB9989-686F-4AD9-B34E-4FB5161AB658\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webkitgtk:webkitgtk\\\\+:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.42.3\", \"matchCriteriaId\": \"8C7F88F0-0092-4338-A52F-1A2ED27460B5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.\"}, {\"lang\": \"es\", \"value\": \"Se solucion\\u00f3 una vulnerabilidad de corrupci\\u00f3n de memoria con un bloqueo mejorado. Este problema se solucion\\u00f3 en iOS 17.1.2 y iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. El procesamiento de contenido web puede dar lugar a la ejecuci\\u00f3n de c\\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado en versiones de iOS anteriores a iOS 16.7.1.\"}]",
      "id": "CVE-2023-42917",
      "lastModified": "2024-11-21T08:23:30.587",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-11-30T23:15:07.280",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/12\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/13\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/3\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/4\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/5\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/8\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jan/35\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/05/1\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-04\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214031\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214032\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214033\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214033\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214034\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214062\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5575\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jan/35\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/05/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214032\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5575\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Undergoing Analysis",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-42917\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-11-30T23:15:07.280\",\"lastModified\":\"2025-10-23T18:49:45.870\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 una vulnerabilidad de corrupci\u00f3n de memoria con un bloqueo mejorado. Este problema se solucion\u00f3 en iOS 17.1.2 y iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado en versiones de iOS anteriores a iOS 16.7.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-12-04\",\"cisaActionDue\":\"2023-12-25\",\"cisaRequiredAction\":\"Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Apple Multiple Products WebKit Memory Corruption Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.1.2\",\"matchCriteriaId\":\"FB99F7C8-7DB8-41EB-817C-CCA0B26A8573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.8.1\",\"matchCriteriaId\":\"328EF092-09AD-4809-A921-7390D4CE4BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.7.3\",\"matchCriteriaId\":\"47A8EDA8-BDDB-413A-AF89-C10FD7B1EA06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.1.2\",\"matchCriteriaId\":\"3DA5F940-604E-4F88-BB50-51EC9A39E8A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.8.1\",\"matchCriteriaId\":\"7A20BCB8-8DB0-495A-8946-036926C91E96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.7.3\",\"matchCriteriaId\":\"D8EBFB96-37E1-4861-83BB-ECE8770C9153\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.1.2\",\"matchCriteriaId\":\"89BC75AA-3A30-4D2B-80C3-C3F754689AC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.1.2\",\"matchCriteriaId\":\"A5BB9989-686F-4AD9-B34E-4FB5161AB658\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webkitgtk:webkitgtk\\\\+:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.42.3\",\"matchCriteriaId\":\"8C7F88F0-0092-4338-A52F-1A2ED27460B5\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/12\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/13\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/3\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/4\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/5\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/8\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jan/35\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/05/1\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-04\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214031\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214032\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214033\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214033\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214034\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214062\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5575\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Dec/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jan/35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/05/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214032\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214033\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214032\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214031\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214033\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/05/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214034\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5575\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/13\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/12\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-04\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214062\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jan/35\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:30:24.968Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-42917\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-02T05:00:19.060611Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-12-04\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-12-04T00:00:00.000Z\", \"value\": \"CVE-2023-42917 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T13:50:52.311Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.1\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214033\"}, {\"url\": \"https://support.apple.com/en-us/HT214032\"}, {\"url\": \"https://support.apple.com/en-us/HT214031\"}, {\"url\": \"https://support.apple.com/kb/HT214033\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/05/1\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/\"}, {\"url\": \"https://support.apple.com/kb/HT214034\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5575\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/3\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/4\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/5\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/8\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/13\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Dec/12\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-04\"}, {\"url\": \"https://support.apple.com/kb/HT214062\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jan/35\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2024-06-12T09:05:54.874Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-42917\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:31.441Z\", \"dateReserved\": \"2023-09-14T19:05:11.463Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2023-11-30T22:18:50.340Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0987

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une exécution de code arbitraire.

D'après l'éditeur, ces vulnérabilités sont activement exploitées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions antérieures à 17.1.2
Apple	macOS	macOS versions antérieures à 14.1.2
Apple	N/A	iPadOS versions antérieures à 17.1.2
Apple	Safari	Safari versions antérieures à 17.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT214031 du 30 novembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214032 du 30 novembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214033 du 30 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 17.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS versions ant\u00e9rieures \u00e0 14.1.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 17.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 17.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42916"
    },
    {
      "name": "CVE-2023-42917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0987",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune ex\u00e9cution de code arbitraire.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, ces vuln\u00e9rabilit\u00e9s sont\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003e activement exploit\u00e9es.\u003c/span\u003e\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214031 du 30 novembre 2023",
      "url": "https://support.apple.com/en-us/HT214031"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214032 du 30 novembre 2023",
      "url": "https://support.apple.com/en-us/HT214032"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214033 du 30 novembre 2023",
      "url": "https://support.apple.com/en-us/HT214033"
    }
  ]
}

CERTFR-2023-AVI-1013

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

D'après l'éditeur, les vulnérabilités CVE-2023-42916 et CVE-2023-42917 seraient activement exploitées dans le cadre d'attaques ciblées sur des versions d'iOS antérieures à 16.7.1.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Monterey versions antérieures à 12.7.2
Apple	macOS	macOS Sonoma versions antérieures à 14.2
Apple	macOS	macOS Ventura versions antérieures à 13.6.3
Apple	N/A	iPadOS versions 16.x.x antérieures à 16.7.3
Apple	N/A	iPadOS versions 17.x.x antérieures à 17.2
Apple	N/A	iOS versions 17.x.x antérieures à 17.2
Apple	N/A	iOS versions 16.x.x antérieures à 16.7.3
Apple	Safari	Safari versions antérieures à 17.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT214038 du 11 décembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214034 du 11 décembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214036 du 11 décembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214035 du 11 décembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214039 du 11 décembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214037 du 11 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 16.x.x ant\u00e9rieures \u00e0 16.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 17.x.x ant\u00e9rieures \u00e0 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 17.x.x ant\u00e9rieures \u00e0 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 16.x.x ant\u00e9rieures \u00e0 16.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 17.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-42904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42904"
    },
    {
      "name": "CVE-2023-42884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42884"
    },
    {
      "name": "CVE-2023-42905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42905"
    },
    {
      "name": "CVE-2023-42911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42911"
    },
    {
      "name": "CVE-2023-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42916"
    },
    {
      "name": "CVE-2023-42906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42906"
    },
    {
      "name": "CVE-2023-42919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42919"
    },
    {
      "name": "CVE-2023-42898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42898"
    },
    {
      "name": "CVE-2023-42882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42882"
    },
    {
      "name": "CVE-2023-42902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42902"
    },
    {
      "name": "CVE-2020-19190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
    },
    {
      "name": "CVE-2023-42917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
    },
    {
      "name": "CVE-2023-42932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42932"
    },
    {
      "name": "CVE-2023-42924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42924"
    },
    {
      "name": "CVE-2020-19187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
    },
    {
      "name": "CVE-2023-42922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42922"
    },
    {
      "name": "CVE-2023-42907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42907"
    },
    {
      "name": "CVE-2023-42891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42891"
    },
    {
      "name": "CVE-2023-42894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42894"
    },
    {
      "name": "CVE-2023-42927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42927"
    },
    {
      "name": "CVE-2020-19188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
    },
    {
      "name": "CVE-2023-42901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42901"
    },
    {
      "name": "CVE-2023-42926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42926"
    },
    {
      "name": "CVE-2020-19186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
    },
    {
      "name": "CVE-2023-42900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42900"
    },
    {
      "name": "CVE-2023-45866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
    },
    {
      "name": "CVE-2023-42908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42908"
    },
    {
      "name": "CVE-2023-42903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42903"
    },
    {
      "name": "CVE-2023-42886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42886"
    },
    {
      "name": "CVE-2023-42874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42874"
    },
    {
      "name": "CVE-2023-42897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42897"
    },
    {
      "name": "CVE-2023-42899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42899"
    },
    {
      "name": "CVE-2023-42842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42842"
    },
    {
      "name": "CVE-2023-42923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42923"
    },
    {
      "name": "CVE-2023-42909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42909"
    },
    {
      "name": "CVE-2023-42910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42910"
    },
    {
      "name": "CVE-2020-19185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
    },
    {
      "name": "CVE-2023-42914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42914"
    },
    {
      "name": "CVE-2023-42890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42890"
    },
    {
      "name": "CVE-2020-19189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
    },
    {
      "name": "CVE-2023-42883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42883"
    },
    {
      "name": "CVE-2023-5344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
    },
    {
      "name": "CVE-2023-42912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42912"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-1013",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, les vuln\u00e9rabilit\u00e9s \u003cspan class=\"mx_EventTile_body\"\ndir=\"auto\"\u003eCVE-2023-42916 et\u00a0CVE-2023-42917 seraient activement\nexploit\u00e9es dans le cadre d\u0027attaques cibl\u00e9es sur des versions d\u0027iOS\nant\u00e9rieures \u00e0 16.7.1.\u003c/span\u003e\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214038 du 11 d\u00e9cembre 2023",
      "url": "https://support.apple.com/en-us/HT214038"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214034 du 11 d\u00e9cembre 2023",
      "url": "https://support.apple.com/en-us/HT214034"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214036 du 11 d\u00e9cembre 2023",
      "url": "https://support.apple.com/en-us/HT214036"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214035 du 11 d\u00e9cembre 2023",
      "url": "https://support.apple.com/en-us/HT214035"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214039 du 11 d\u00e9cembre 2023",
      "url": "https://support.apple.com/en-us/HT214039"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214037 du 11 d\u00e9cembre 2023",
      "url": "https://support.apple.com/en-us/HT214037"
    }
  ]
}

CERTFR-2024-AVI-0062

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et une exécution de code arbitraire à distance.

D'après l'éditeur, la vulnérabilité CVE-2024-23222 est activement exploitée. Apple a également publié des correctifs pour les appareils plus anciens qui ne supportent pas les versions plus récentes d'iOS et iPadOS. Ceux-ci concernent les vulnérabilités CVE-2023-42916 et CVE-2023-42917 qui sont également activement exploitées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Ventura versions antérieures à 13.6.4
Apple	N/A	iOS versions 16.x antérieures à 16.7.5
Apple	N/A	iPadOS versions 16.x antérieures à 16.7.5
Apple	macOS	macOS Sonoma versions antérieures à 14.3
Apple	N/A	iOS versions 17.x antérieures à 17.3
Apple	Safari	Safari versions antérieures à 17.3
Apple	macOS	macOS Monterey versions antérieures à 12.7.3
Apple	N/A	iPadOS versions 17.x antérieures à 17.3
Apple	N/A	iOS versions 15.x antérieures à 15.8.1
Apple	N/A	iPadOS versions antérieures à 15.8.1
Apple	N/A	visionOS versions antérieures à 1.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT214056 du 22 janvier 2024	None	vendor-advisory
Bulletin de sécurité Apple HT214059 du 22 janvier 2024	None	vendor-advisory
Bulletin de sécurité Apple HT214062 du 22 janvier 2024	None	vendor-advisory
Bulletin de sécurité Apple HT214063 du 22 janvier 2024	None	vendor-advisory
Bulletin de sécurité Apple HT214070 du 31 janvier 2024	None	vendor-advisory
Bulletin de sécurité Apple HT214057 du 22 janvier 2024	None	vendor-advisory
Bulletin de sécurité Apple HT214058 du 22 janvier 2024	None	vendor-advisory
Bulletin de sécurité Apple HT214061 du 22 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 17.x ant\u00e9rieures \u00e0 17.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 17.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 17.x ant\u00e9rieures \u00e0 17.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "visionOS versions ant\u00e9rieures \u00e0 1.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-23204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23204"
    },
    {
      "name": "CVE-2024-23208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23208"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2023-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42916"
    },
    {
      "name": "CVE-2024-23224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23224"
    },
    {
      "name": "CVE-2024-23217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23217"
    },
    {
      "name": "CVE-2024-23210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23210"
    },
    {
      "name": "CVE-2023-42935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42935"
    },
    {
      "name": "CVE-2023-42937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42937"
    },
    {
      "name": "CVE-2023-40528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40528"
    },
    {
      "name": "CVE-2023-42887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42887"
    },
    {
      "name": "CVE-2023-42917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
    },
    {
      "name": "CVE-2024-23213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23213"
    },
    {
      "name": "CVE-2024-23219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23219"
    },
    {
      "name": "CVE-2024-23211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23211"
    },
    {
      "name": "CVE-2024-23222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
    },
    {
      "name": "CVE-2023-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42915"
    },
    {
      "name": "CVE-2024-23207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23207"
    },
    {
      "name": "CVE-2024-23203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23203"
    },
    {
      "name": "CVE-2024-23206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23206"
    },
    {
      "name": "CVE-2024-23218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23218"
    },
    {
      "name": "CVE-2024-23209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23209"
    },
    {
      "name": "CVE-2024-23215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23215"
    },
    {
      "name": "CVE-2023-42888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42888"
    },
    {
      "name": "CVE-2024-23223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23223"
    },
    {
      "name": "CVE-2023-38039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
    },
    {
      "name": "CVE-2024-23212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23212"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-23214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23214"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0062",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-23T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Apple HT214070.",
      "revision_date": "2024-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, la vuln\u00e9rabilit\u00e9 CVE-2024-23222 est activement\nexploit\u00e9e. \u003cspan class=\"mx_EventTile_body\" dir=\"auto\"\u003eApple a \u00e9galement\npubli\u00e9 des correctifs pour les appareils plus anciens qui ne supportent\npas les versions plus r\u00e9centes d\u0027iOS et iPadOS. Ceux-ci concernent les\nvuln\u00e9rabilit\u00e9s CVE-2023-42916 et CVE-2023-42917 qui sont \u00e9galement\nactivement exploit\u00e9es.\u003c/span\u003e\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214056 du 22 janvier 2024",
      "url": "https://support.apple.com/en-us/HT214056"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214059 du 22 janvier 2024",
      "url": "https://support.apple.com/en-us/HT214059"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214062 du 22 janvier 2024",
      "url": "https://support.apple.com/en-us/HT214062"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214063 du 22 janvier 2024",
      "url": "https://support.apple.com/en-us/HT214063"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214070 du 31 janvier 2024",
      "url": "https://support.apple.com/en-us/HT214070"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214057 du 22 janvier 2024",
      "url": "https://support.apple.com/en-us/HT214057"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214058 du 22 janvier 2024",
      "url": "https://support.apple.com/en-us/HT214058"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214061 du 22 janvier 2024",
      "url": "https://support.apple.com/en-us/HT214061"
    }
  ]
}

CERTFR-2024-AVI-0321

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Java SE . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Java SE	Oracle Java SE versions 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2 et 22 sans les derniers correctifs de sécurité
Oracle	Java SE	Oracle GraalVM Enterprise Edition, versions 20.3.13 et 21.3.9 sans les derniers correctifs de sécurité
Oracle	Java SE	Oracle GraalVM for JDK, versions 17.0.10, 21.0.2 et 22 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2024verbose du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2024 du 16 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Java SE versions 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2 et 22 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition, versions 20.3.13 et 21.3.9 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK, versions 17.0.10, 21.0.2 et 22 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-20954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20954"
    },
    {
      "name": "CVE-2024-21068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
    },
    {
      "name": "CVE-2024-21012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
    },
    {
      "name": "CVE-2024-21002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21002"
    },
    {
      "name": "CVE-2023-42917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
    },
    {
      "name": "CVE-2023-46809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
    },
    {
      "name": "CVE-2024-22019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-21892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
    },
    {
      "name": "CVE-2023-41993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41993"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2024-21098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21098"
    },
    {
      "name": "CVE-2024-21004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21004"
    },
    {
      "name": "CVE-2024-21005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21005"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2024-21003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21003"
    },
    {
      "name": "CVE-2023-41074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41074"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0321",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE .\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
    }
  ]
}

CERTFR-2023-AVI-0987

Vulnerability from certfr_avis - Published: - Updated:

D'après l'éditeur, ces vulnérabilités sont activement exploitées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions antérieures à 17.1.2
Apple	macOS	macOS versions antérieures à 14.1.2
Apple	N/A	iPadOS versions antérieures à 17.1.2
Apple	Safari	Safari versions antérieures à 17.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT214031 du 30 novembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214032 du 30 novembre 2023	None	vendor-advisory
Bulletin de sécurité Apple HT214033 du 30 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 17.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS versions ant\u00e9rieures \u00e0 14.1.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 17.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 17.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42916"
    },
    {
      "name": "CVE-2023-42917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0987",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune ex\u00e9cution de code arbitraire.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, ces vuln\u00e9rabilit\u00e9s sont\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003e activement exploit\u00e9es.\u003c/span\u003e\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214031 du 30 novembre 2023",
      "url": "https://support.apple.com/en-us/HT214031"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214032 du 30 novembre 2023",
      "url": "https://support.apple.com/en-us/HT214032"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT214033 du 30 novembre 2023",
      "url": "https://support.apple.com/en-us/HT214033"
    }
  ]
}

alsa-2023:7715

Vulnerability from osv_almalinux

Published

2023-12-11 00:00

Modified

2023-12-12 07:49

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:7715	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-42917	REPORT
	https://bugzilla.redhat.com/2253058	REPORT
	https://errata.almalinux.org/9/ALSA-2023-7715.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el9_3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el9_3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el9_3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el9_3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:7715",
  "modified": "2023-12-12T07:49:58Z",
  "published": "2023-12-11T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:7715"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-42917"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2253058"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-7715.html"
    }
  ],
  "related": [
    "CVE-2023-42917"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

alsa-2023:7716

Vulnerability from osv_almalinux

Published

2023-12-11 00:00

Modified

2023-12-14 08:49

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:7716	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-42917	REPORT
	https://bugzilla.redhat.com/2253058	REPORT
	https://errata.almalinux.org/8/ALSA-2023-7716.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el8_9.1.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el8_9.1.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el8_9.1.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el8_9.1.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:7716",
  "modified": "2023-12-14T08:49:17Z",
  "published": "2023-12-11T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:7716"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-42917"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2253058"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-7716.html"
    }
  ],
  "related": [
    "CVE-2023-42917"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

BDU:2023-08367

Vulnerability from fstec - Published: 30.11.2023

Title

Уязвимость модуля отображения веб-страниц WebKit операционных систем iOS, iPadOS, macOS и браузера Safari, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость модуля отображения веб-страниц WebKit операционных систем iOS, iPadOS, macOS и браузера Safari вызвана выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код

Severity ?


                    
                      AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Vendor

Apple Inc., АО "НППКТ"

Software Name

iOS, iPadOS, Safari, MacOS, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

до 17.1.2 (iOS), до 17.1.2 (iPadOS), до 17.1.2 (Safari), Sonoma до 14.1.2 (MacOS), до 2.9 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций производителя: https://support.apple.com/en-us/HT214031 https://support.apple.com/en-us/HT214032 https://support.apple.com/en-us/HT214033 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения webkit2gtk до версии 2.42.3-1~deb11u1.osnova1

Reference

https://support.apple.com/en-us/HT214031 https://support.apple.com/en-us/HT214033 https://nvd.nist.gov/vuln/detail/CVE-2023-42917 https://support.apple.com/en-us/HT214032 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/ https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Apple Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 17.1.2 (iOS), \u0434\u043e 17.1.2 (iPadOS), \u0434\u043e 17.1.2 (Safari), Sonoma \u0434\u043e 14.1.2 (MacOS), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.apple.com/en-us/HT214031 \nhttps://support.apple.com/en-us/HT214032 \nhttps://support.apple.com/en-us/HT214033\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.42.3-1~deb11u1.osnova1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.12.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08367",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-42917",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "iOS, iPadOS, Safari, MacOS, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Apple Inc. iOS \u0434\u043e 17.1.2 , Apple Inc. iPadOS \u0434\u043e 17.1.2 , Apple Inc. MacOS Sonoma \u0434\u043e 14.1.2 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, iPadOS, macOS \u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, iPadOS, macOS \u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.apple.com/en-us/HT214031 \nhttps://support.apple.com/en-us/HT214033 \nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42917 \nhttps://support.apple.com/en-us/HT214032\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)"
}

bit-java-2023-42917

Vulnerability from bitnami_vulndb

Published

2026-05-06 14:44

Modified

2026-05-08 06:11

Summary

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "java",
        "purl": "pkg:bitnami/java"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.0"
            },
            {
              "introduced": "1.9.0"
            },
            {
              "fixed": "8.0.411"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-42917"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:bellsoft:libericajdk:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.",
  "id": "BIT-java-2023-42917",
  "modified": "2026-05-08T06:11:36.072Z",
  "published": "2026-05-06T14:44:03.789Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/12"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/13"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/3"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/4"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/5"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/8"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jan/35"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
    },
    {
      "type": "WEB",
      "url": "https://openjdk.org/groups/vulnerability/advisories/2024-04-16"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-04"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214031"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214032"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214033"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214033"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214034"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214062"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5575"
    }
  ],
  "schema_version": "1.6.2"
}

bit-jre-2023-42917

Vulnerability from bitnami_vulndb

Published

2026-05-08 05:45

Modified

2026-05-08 06:11

Summary

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "jre",
        "purl": "pkg:bitnami/jre"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.0"
            },
            {
              "introduced": "1.9.0"
            },
            {
              "fixed": "8.0.411"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-42917"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:bellsoft:libericajre:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.",
  "id": "BIT-jre-2023-42917",
  "modified": "2026-05-08T06:11:36.072Z",
  "published": "2026-05-08T05:45:38.575Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/12"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/13"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/3"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/4"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/5"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Dec/8"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jan/35"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
    },
    {
      "type": "WEB",
      "url": "https://openjdk.org/groups/vulnerability/advisories/2024-04-16"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-04"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214031"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214032"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214033"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214033"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214034"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214062"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5575"
    }
  ],
  "schema_version": "1.6.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-42917 (GCVE-0-2023-42917)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Solution

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature