cvelistv5 - cve-2023-23524

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213632	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213633	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213634	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213635	Vendor Advisory

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	watchOS
	Apple	macOS
	Apple	tvOS

gsd-2023-23524

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.

Aliases

CVE-2023-23524

Aliases

CVE-2023-23524

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23524",
    "id": "GSD-2023-23524"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23524"
      ],
      "details": "A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.",
      "id": "GSD-2023-23524",
      "modified": "2023-12-13T01:20:50.190867Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2023-23524",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "16.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "9.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "13.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "16.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing a maliciously crafted certificate may lead to a denial-of-service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213635",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213635"
          },
          {
            "name": "https://support.apple.com/en-us/HT213634",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213634"
          },
          {
            "name": "https://support.apple.com/en-us/HT213633",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213633"
          },
          {
            "name": "https://support.apple.com/en-us/HT213632",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213632"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2023-23524"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213634",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213634"
            },
            {
              "name": "https://support.apple.com/en-us/HT213635",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213635"
            },
            {
              "name": "https://support.apple.com/en-us/HT213632",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213632"
            },
            {
              "name": "https://support.apple.com/en-us/HT213633",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213633"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-07-27T04:15Z",
      "publishedDate": "2023-02-27T20:15Z"
    }
  }
}

wid-sec-w-2023-0358

Vulnerability from csaf_certbund

Published

2023-02-13 23:00

Modified

2023-02-21 23:00

Summary

Apple iOS und iPadOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch. Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.

Angriff

Ein lokaler oder entfernter anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um seine Privilegien zu erhöhen oder beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- iPhoneOS

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler oder entfernter anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um seine Privilegien zu erh\u00f6hen oder beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0358 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0358.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0358 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0358"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2023-02-13",
        "url": "https://support.apple.com/en-us/HT213635"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple iOS und iPadOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:14:02.626+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0358",
      "initial_release_date": "2023-02-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-21T23:00:00.000+00:00",
          "number": "2",
          "summary": "weitere Schwachstelle mit CVE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apple iOS \u003c 16.3.1",
            "product": {
              "name": "Apple iOS \u003c 16.3.1",
              "product_id": "T026268",
              "product_identification_helper": {
                "cpe": "cpe:/o:apple:iphone_os:16.3.1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Apple iPadOS \u003c 16.3.1",
            "product": {
              "name": "Apple iPadOS \u003c 16.3.1",
              "product_id": "T026269",
              "product_identification_helper": {
                "cpe": "cpe:/o:apple:ipados:16.3.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23524",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple iOS und Apple iPadOS. Ein speziell bearbeitetes Zertifikat wird unsachgem\u00e4\u00df verarbeitet. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-21T23:00:00Z",
      "title": "CVE-2023-23524"
    },
    {
      "cve": "CVE-2023-23529",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple iOS und Apple iPadOS. Beim Parsen von speziell bearbeiteten Webinhalten in WebKit kommt es zu einem Type Confusion Problem. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auf dem Zielsystem auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00Z",
      "title": "CVE-2023-23529"
    },
    {
      "cve": "CVE-2023-23514",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple iOS und Apple iPadOS. Innerhalb des Betriebssystem Kernels besteht ein Use-after-free-Fehler. Ein Angreifer kann diese Schwachstelle \u00fcber eine lokale Applikation ausnutzen, um seine Rechte zu erweitern und beliebigen Code mit Kernel-Rechten auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00Z",
      "title": "CVE-2023-23514"
    }
  ]
}

wid-sec-w-2023-0347

Vulnerability from csaf_certbund

Published

2023-02-13 23:00

Modified

2023-02-21 23:00

Summary

Apple macOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff

Ein lokaler oder entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- MacOS X

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler oder entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0347 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0347.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0347 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0347"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2023-02-13",
        "url": "https://support.apple.com/en-us/HT213633"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:13:54.495+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0347",
      "initial_release_date": "2023-02-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-21T23:00:00.000+00:00",
          "number": "2",
          "summary": "weitere Schwachstelle mit CVE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apple macOS \u003c 13.2.1",
            "product": {
              "name": "Apple macOS \u003c 13.2.1",
              "product_id": "T026264",
              "product_identification_helper": {
                "cpe": "cpe:/o:apple:mac_os:13.2.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23524",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Ein speziell bearbeitetes Zertifikat wird unsachgem\u00e4\u00df verarbeitet. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-21T23:00:00Z",
      "title": "CVE-2023-23524"
    },
    {
      "cve": "CVE-2023-23529",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Beim Parsen von speziell bearbeiteten Webinhalten in WebKit kommt es zu einem Type Confusion Problem. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auf dem Zielsystem auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00Z",
      "title": "CVE-2023-23529"
    },
    {
      "cve": "CVE-2023-23522",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. In Shortcuts werden tempor\u00e4re Dateien unsachgem\u00e4\u00df verarbeitet. Ein Angreifer kann diese Schwachstelle \u00fcber eine lokale Applikation ausnutzen, um Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00Z",
      "title": "CVE-2023-23522"
    },
    {
      "cve": "CVE-2023-23514",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apple macOS. Innerhalb des Betriebssystem Kernels besteht ein Use-after-free-Fehler. Ein Angreifer kann diese Schwachstelle \u00fcber eine lokale Applikation ausnutzen, um seine Rechte zu erweitern und beliebigen Code mit Kernel-Rechten auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-02-13T23:00:00Z",
      "title": "CVE-2023-23514"
    }
  ]
}

var-202302-2116

Vulnerability from variot

A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service. iPadOS , iOS , macOS A resource exhaustion vulnerability exists in multiple Apple products.Service operation interruption (DoS) It may be in a state. tvOS 16.3.2

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-2116",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.3.2"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.3.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.3.1"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.2.1"
      },
      {
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "9.3.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23524"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-23524"
      }
    ]
  },
  "cve": "CVE-2023-23524",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2023-23524",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-23524",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202302-2130",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service. iPadOS , iOS , macOS A resource exhaustion vulnerability exists in multiple Apple products.Service operation interruption (DoS) It may be in a state. tvOS 16.3.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-23524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "db": "VULHUB",
        "id": "VHN-451835"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23524"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-23524",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-2130",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-451835",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23524",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451835"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ]
  },
  "id": "VAR-202302-2116",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451835"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:41:36.690000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213634 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht213632"
      },
      {
        "title": "Apple macOS Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228163"
      },
      {
        "title": "Apple: tvOS 16.3.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9409b1110e4a3f81d5c7137cc7dd8854"
      },
      {
        "title": "Apple: watchOS 9.3.1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6c25a1edd3d915ce53446c3c71a91938"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-23524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451835"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23524"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213632"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213633"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213634"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213635"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23524"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-23524/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht213632"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-451835"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-451835"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-23524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-23524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-451835"
      },
      {
        "date": "2023-11-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "date": "2023-02-27T20:15:14.640000",
        "db": "NVD",
        "id": "CVE-2023-23524"
      },
      {
        "date": "2023-02-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-451835"
      },
      {
        "date": "2023-11-01T08:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      },
      {
        "date": "2023-07-27T04:15:14.980000",
        "db": "NVD",
        "id": "CVE-2023-23524"
      },
      {
        "date": "2023-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource exhaustion vulnerability in multiple Apple products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-004758"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-2130"
      }
    ],
    "trust": 0.6
  }
}

ghsa-r596-4r66-j5v5

Vulnerability from github

Published

2023-02-27 21:30

Modified

2023-03-08 15:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23524"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service.",
  "id": "GHSA-r596-4r66-j5v5",
  "modified": "2023-03-08T15:30:23Z",
  "published": "2023-02-27T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23524"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213632"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213633"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213634"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213635"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Action not permitted

cve-2023-23524

Vulnerability from cvelistv5

gsd-2023-23524

Vulnerability from gsd

wid-sec-w-2023-0358

Vulnerability from csaf_certbund

wid-sec-w-2023-0347

Vulnerability from csaf_certbund

var-202302-2116

Vulnerability from variot

ghsa-r596-4r66-j5v5

Vulnerability from github

Tags