Search for vulnerabilities
Vulnerability details: VCID-9b4e-vqe6-53ay
Vulnerability ID VCID-9b4e-vqe6-53ay
Aliases CVE-2023-40414
Summary A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40414.json
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00194 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00194 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00194 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00194 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss 0.00194 https://api.first.org/data/v1/epss?cve=CVE-2023-40414
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-40414
cvssv3.1 9.8 https://support.apple.com/en-us/HT213936
ssvc Track https://support.apple.com/en-us/HT213936
cvssv3.1 9.8 https://support.apple.com/en-us/HT213937
ssvc Track https://support.apple.com/en-us/HT213937
cvssv3.1 9.8 https://support.apple.com/en-us/HT213938
ssvc Track https://support.apple.com/en-us/HT213938
cvssv3.1 9.8 https://support.apple.com/en-us/HT213940
ssvc Track https://support.apple.com/en-us/HT213940
cvssv3.1 9.8 https://support.apple.com/en-us/HT213941
ssvc Track https://support.apple.com/en-us/HT213941
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2024/02/05/8
ssvc Track http://www.openwall.com/lists/oss-security/2024/02/05/8
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40414.json
https://api.first.org/data/v1/epss?cve=CVE-2023-40414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2270143 https://bugzilla.redhat.com/show_bug.cgi?id=2270143
8 http://www.openwall.com/lists/oss-security/2024/02/05/8
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2023-40414 https://nvd.nist.gov/vuln/detail/CVE-2023-40414
HT213936 https://support.apple.com/en-us/HT213936
HT213937 https://support.apple.com/en-us/HT213937
HT213938 https://support.apple.com/en-us/HT213938
HT213940 https://support.apple.com/en-us/HT213940
HT213941 https://support.apple.com/en-us/HT213941
RHSA-2024:2126 https://access.redhat.com/errata/RHSA-2024:2126
RHSA-2024:2982 https://access.redhat.com/errata/RHSA-2024:2982
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40414.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40414
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213936
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213936
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213937
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213937
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213938
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213938
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213940
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213940
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213941
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213941
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/02/05/8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at http://www.openwall.com/lists/oss-security/2024/02/05/8
Exploit Prediction Scoring System (EPSS)
Percentile 0.37019
EPSS Score 0.00155
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:43:24.180293+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/40xxx/CVE-2023-40414.json 37.0.0