CVE-2023-42916 — MEDIUM (6.5)

Q: How severe is CVE-2023-42916?

CVE-2023-42916 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-42916?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Ipados, Apple Iphone Os, Apple Macos, Fedoraproject Fedora.

Vulnerability Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Safari	< 17.1.2
Apple	Ipados	< 15.8.1
Apple	Iphone Os	< 15.8.1
Apple	Macos	>= 14.0, < 14.1.2
Fedoraproject	Fedora	38
Debian	Debian Linux	11.0
Webkitgtk	Webkitgtk\+	< 2.42.3

Related Weaknesses (CWE)

CWE-125

References

http://seclists.org/fulldisclosure/2023/Dec/12Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/13Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/3Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/4Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/5Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/8Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/35Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/05/1Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
https://security.gentoo.org/glsa/202401-04Third Party Advisory
https://support.apple.com/en-us/HT214031Vendor Advisory
https://support.apple.com/en-us/HT214032Vendor Advisory
https://support.apple.com/en-us/HT214033Vendor Advisory
https://support.apple.com/kb/HT214033Vendor Advisory

FAQ

What is CVE-2023-42916?

CVE-2023-42916 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensiti...

How severe is CVE-2023-42916?

CVE-2023-42916 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-42916?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Ipados, Apple Iphone Os, Apple Macos, Fedoraproject Fedora.