gsd - gsd-2024-23257

gsd-2024-23257

Vulnerability from gsd

Modified

2024-01-13 06:02

Details

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.

Aliases

CVE-2024-23257

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-23257"
      ],
      "details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.",
      "id": "GSD-2024-23257",
      "modified": "2024-01-13T06:02:12.033084Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2024-23257",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "visionOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "1.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "12.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "16.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing an image may result in disclosure of process memory"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT214087",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT214087"
          },
          {
            "name": "https://support.apple.com/en-us/HT214083",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT214083"
          },
          {
            "name": "https://support.apple.com/en-us/HT214082",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT214082"
          },
          {
            "name": "https://support.apple.com/en-us/HT214085",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT214085"
          },
          {
            "name": "https://support.apple.com/en-us/HT214084",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT214084"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2024/Mar/21",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2024/Mar/22",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2024/Mar/22"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory."
          },
          {
            "lang": "es",
            "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 y iPadOS 16.7.6. El procesamiento de una imagen puede resultar en la divulgaci\u00f3n de la memoria del proceso."
          }
        ],
        "id": "CVE-2024-23257",
        "lastModified": "2024-03-13T23:15:46.707",
        "metrics": {},
        "published": "2024-03-08T02:15:48.760",
        "references": [
          {
            "source": "product-security@apple.com",
            "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
          },
          {
            "source": "product-security@apple.com",
            "url": "http://seclists.org/fulldisclosure/2024/Mar/22"
          },
          {
            "source": "product-security@apple.com",
            "url": "http://seclists.org/fulldisclosure/2024/Mar/23"
          },
          {
            "source": "product-security@apple.com",
            "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
          },
          {
            "source": "product-security@apple.com",
            "url": "https://support.apple.com/en-us/HT214082"
          },
          {
            "source": "product-security@apple.com",
            "url": "https://support.apple.com/en-us/HT214083"
          },
          {
            "source": "product-security@apple.com",
            "url": "https://support.apple.com/en-us/HT214084"
          },
          {
            "source": "product-security@apple.com",
            "url": "https://support.apple.com/en-us/HT214085"
          },
          {
            "source": "product-security@apple.com",
            "url": "https://support.apple.com/en-us/HT214087"
          }
        ],
        "sourceIdentifier": "product-security@apple.com",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

cve-2024-23257

Vulnerability from cvelistv5

Published

2024-03-08 01:35

Modified

2024-08-01 22:59

Severity ?

Summary

References

▼	URL	Tags
	https://support.apple.com/en-us/HT214087
	https://support.apple.com/en-us/HT214083
	https://support.apple.com/en-us/HT214082
	https://support.apple.com/en-us/HT214085
	https://support.apple.com/en-us/HT214084
	http://seclists.org/fulldisclosure/2024/Mar/21
	http://seclists.org/fulldisclosure/2024/Mar/22
	http://seclists.org/fulldisclosure/2024/Mar/23
	http://seclists.org/fulldisclosure/2024/Mar/26

Impacted products

▼	Vendor	Product
	Apple	visionOS
	Apple	macOS
	Apple	iOS and iPadOS
	Apple	macOS
	Apple	macOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23257",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-08T15:33:52.302723Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:10.890Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214087"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214083"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214082"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214085"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214084"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "1.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing an image may result in disclosure of process memory",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-08T01:35:24.108Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214087"
        },
        {
          "url": "https://support.apple.com/en-us/HT214083"
        },
        {
          "url": "https://support.apple.com/en-us/HT214082"
        },
        {
          "url": "https://support.apple.com/en-us/HT214085"
        },
        {
          "url": "https://support.apple.com/en-us/HT214084"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/22"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/23"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-23257",
    "datePublished": "2024-03-08T01:35:24.108Z",
    "dateReserved": "2024-01-12T22:22:21.488Z",
    "dateUpdated": "2024-08-01T22:59:32.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted