VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-g8h6-dner-aaar

Essentials
Severities (101)
References (29)
Severity details (17)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-g8h6-dner-aaar
Aliases	CVE-2023-40414
Summary	A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40414.json
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00115	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00115	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00115	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.01562	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
epss	0.0636	https://api.first.org/data/v1/epss?cve=CVE-2023-40414
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2023-40414
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2023-40414
cvssv3.1	9.8	https://support.apple.com/en-us/HT213936
ssvc	Track	https://support.apple.com/en-us/HT213936
cvssv3.1	9.8	https://support.apple.com/en-us/HT213937
ssvc	Track	https://support.apple.com/en-us/HT213937
cvssv3.1	9.8	https://support.apple.com/en-us/HT213938
ssvc	Track	https://support.apple.com/en-us/HT213938
cvssv3.1	9.8	https://support.apple.com/en-us/HT213940
ssvc	Track	https://support.apple.com/en-us/HT213940
cvssv3.1	9.8	https://support.apple.com/en-us/HT213941
ssvc	Track	https://support.apple.com/en-us/HT213941
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2024/02/05/8
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/02/05/8

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40414.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-40414
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://support.apple.com/en-us/HT213936
		https://support.apple.com/en-us/HT213937
		https://support.apple.com/en-us/HT213938
		https://support.apple.com/en-us/HT213940
		https://support.apple.com/en-us/HT213941
		http://www.openwall.com/lists/oss-security/2024/02/05/8
2270143		https://bugzilla.redhat.com/show_bug.cgi?id=2270143
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2023-40414		https://nvd.nist.gov/vuln/detail/CVE-2023-40414
GLSA-202407-13		https://security.gentoo.org/glsa/202407-13
RHSA-2024:2126		https://access.redhat.com/errata/RHSA-2024:2126
RHSA-2024:2982		https://access.redhat.com/errata/RHSA-2024:2982

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40414.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40414

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40414

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213936

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213936

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213937

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213937

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213938

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213938

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213940

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213940

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213941

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at https://support.apple.com/en-us/HT213941

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/02/05/8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-11T02:22:55Z/ Found at http://www.openwall.com/lists/oss-security/2024/02/05/8

Exploit Prediction Scoring System (EPSS)

Percentile	0.43968
EPSS Score	0.00105
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-11T11:28:58.299868+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2023-40414	34.0.0rc2