Vulnerability details: VCID-32nx-cvey-aaaj
Vulnerability ID VCID-32nx-cvey-aaaj
Aliases CVE-2023-42916
Summary An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Status Published
Exploitability 2.0
Weighted Severity 6.1
Risk 10.0
System Score Found at
cvssv3 6.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42916.json
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2023-42916
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-42916
epss 0.00400 https://api.first.org/data/v1/epss?cve=CVE-2023-42916
epss 0.00483 https://api.first.org/data/v1/epss?cve=CVE-2023-42916
epss 0.01384 https://api.first.org/data/v1/epss?cve=CVE-2023-42916
epss 0.07733 https://api.first.org/data/v1/epss?cve=CVE-2023-42916
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-42916
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-42916
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42916.json
https://api.first.org/data/v1/epss?cve=CVE-2023-42916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42917
http://seclists.org/fulldisclosure/2023/Dec/12
http://seclists.org/fulldisclosure/2023/Dec/13
http://seclists.org/fulldisclosure/2023/Dec/3
http://seclists.org/fulldisclosure/2023/Dec/4
http://seclists.org/fulldisclosure/2023/Dec/5
http://seclists.org/fulldisclosure/2023/Dec/8
http://seclists.org/fulldisclosure/2024/Jan/35
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
https://support.apple.com/en-us/HT214031
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214033
https://support.apple.com/kb/HT214033
https://support.apple.com/kb/HT214034
https://support.apple.com/kb/HT214062
https://www.debian.org/security/2023/dsa-5575
http://www.openwall.com/lists/oss-security/2023/12/05/1
2253054 https://bugzilla.redhat.com/show_bug.cgi?id=2253054
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2023-42916 https://nvd.nist.gov/vuln/detail/CVE-2023-42916
GLSA-202401-04 https://security.gentoo.org/glsa/202401-04
RHSA-2023:4201 https://access.redhat.com/errata/RHSA-2023:4201
RHSA-2023:4202 https://access.redhat.com/errata/RHSA-2023:4202
USN-6545-1 https://usn.ubuntu.com/6545-1/
Data source KEV
Date added Dec. 4, 2023
Description Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Due date Dec. 25, 2023
Note https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033; https://nvd.nist.gov/vuln/detail/CVE-2023-42916
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42916.json
Attack Vector (AV) network
Attack Complexity (AC) high
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) none
Availability Impact (A) high

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) network
Attack Complexity (AC) high
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) none
Availability Impact (A) none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-42916
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) none
Availability Impact (A) none

Exploit Prediction Scoring System (EPSS)
Percentile 0.135
EPSS Score 0.00046
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-01-03T17:13:00.606343+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-42916 34.0.0rc1