Search for vulnerabilities
Vulnerability details: VCID-kjpp-yepd-aaam
Vulnerability ID VCID-kjpp-yepd-aaam
Aliases CVE-2023-42950
Summary A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42950.json
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.0016 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.0016 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.0016 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.0016 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00575 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00881 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.01563 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-42950
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-42950
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42950.json
https://api.first.org/data/v1/epss?cve=CVE-2023-42950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54658
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
https://support.apple.com/en-us/HT214035
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214039
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214041
https://support.apple.com/kb/HT214039
http://www.openwall.com/lists/oss-security/2024/03/26/1
2271718 https://bugzilla.redhat.com/show_bug.cgi?id=2271718
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2023-42950 https://nvd.nist.gov/vuln/detail/CVE-2023-42950
GLSA-202407-13 https://security.gentoo.org/glsa/202407-13
RHSA-2024:9144 https://access.redhat.com/errata/RHSA-2024:9144
RHSA-2024:9636 https://access.redhat.com/errata/RHSA-2024:9636
USN-6732-1 https://usn.ubuntu.com/6732-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42950.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-42950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-42950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.42484
EPSS Score 0.00101
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:17:30.014447+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-42950 34.0.0rc4