CVE-2023-42917 — HIGH (8.8)

Q: How severe is CVE-2023-42917?

CVE-2023-42917 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-42917?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Ipados, Apple Iphone Os, Apple Macos, Debian Debian Linux.

Vulnerability Description

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apple	Safari	< 17.1.2
Apple	Ipados	< 15.8.1
Apple	Iphone Os	< 15.8.1
Apple	Macos	>= 14.0, < 14.1.2
Debian	Debian Linux	11.0
Fedoraproject	Fedora	38
Webkitgtk	Webkitgtk\+	< 2.42.3

Related Weaknesses (CWE)

CWE-787

References

http://seclists.org/fulldisclosure/2023/Dec/12Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/13Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/3Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/4Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/5Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/8Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/35Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/05/1Mailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
https://security.gentoo.org/glsa/202401-04Third Party Advisory
https://support.apple.com/en-us/HT214031Vendor Advisory
https://support.apple.com/en-us/HT214032Vendor Advisory
https://support.apple.com/en-us/HT214033Vendor Advisory
https://support.apple.com/kb/HT214033Vendor Advisory

FAQ

What is CVE-2023-42917?

CVE-2023-42917 is a vulnerability with a CVSS score of 8.8 (HIGH). A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbit...

How severe is CVE-2023-42917?

CVE-2023-42917 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-42917?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Ipados, Apple Iphone Os, Apple Macos, Debian Debian Linux.