Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

None

Attack Vector

Network

1

CVE-2023-42916

Disclosure Date: November 30, 2023 •

CVE-2023-42916 CVSS v3 Base Score: 6.5

Exploited in the Wild

Reported by inokii and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

apple,
debian,
fedoraproject,
webkitgtk

Products

debian linux 11.0,
debian linux 12.0,
fedora 38,
fedora 39,
ipados,
iphone os,
macos,
safari,
webkitgtk+

Exploited in the Wild

Reported by:

inokii indicated sources as

Vendor Advisory (https://support.apple.com/en-us/HT214031)
Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2023/12/04/cisa-adds-two-known-exploited-vulnerabilities-catalog)

Reported: December 07, 2023 4:29am UTC (11 months ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2023/12/04/cisa-adds-two-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:24am UTC (3 weeks ago)

References

Canonical

CVE-2023-42916 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42916)

Miscellaneous

https://support.apple.com/en-us/HT214033

https://support.apple.com/en-us/HT214032

https://support.apple.com/en-us/HT214031

http://www.openwall.com/lists/oss-security/2023/12/05/1

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/

https://www.debian.org/security/2023/dsa-5575

http://seclists.org/fulldisclosure/2023/Dec/3

http://seclists.org/fulldisclosure/2023/Dec/4

http://seclists.org/fulldisclosure/2023/Dec/5

http://seclists.org/fulldisclosure/2023/Dec/8

http://seclists.org/fulldisclosure/2023/Dec/13

http://seclists.org/fulldisclosure/2023/Dec/12

https://security.gentoo.org/glsa/202401-04

http://seclists.org/fulldisclosure/2024/Jan/35

https://support.apple.com/kb/HT214062

https://support.apple.com/kb/HT214033

https://support.apple.com/kb/HT214034

Rapid7

Technical Analysis