Search for vulnerabilities
Vulnerability details: VCID-kr1a-xv7b-aaan
Vulnerability ID VCID-kr1a-xv7b-aaan
Aliases CVE-2023-42917
Summary A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42917.json
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00243 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00243 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00243 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.00370 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.02644 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
epss 0.07451 https://api.first.org/data/v1/epss?cve=CVE-2023-42917
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Dec/12
ssvc Attend http://seclists.org/fulldisclosure/2023/Dec/12
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Dec/13
ssvc Attend http://seclists.org/fulldisclosure/2023/Dec/13
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Dec/3
ssvc Attend http://seclists.org/fulldisclosure/2023/Dec/3
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Dec/4
ssvc Attend http://seclists.org/fulldisclosure/2023/Dec/4
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Dec/5
ssvc Attend http://seclists.org/fulldisclosure/2023/Dec/5
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Dec/8
ssvc Attend http://seclists.org/fulldisclosure/2023/Dec/8
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2024/Jan/35
ssvc Attend http://seclists.org/fulldisclosure/2024/Jan/35
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-42917
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-42917
cvssv3.1 8.8 https://security.gentoo.org/glsa/202401-04
ssvc Attend https://security.gentoo.org/glsa/202401-04
cvssv3.1 8.8 https://support.apple.com/en-us/HT214031
ssvc Attend https://support.apple.com/en-us/HT214031
cvssv3.1 8.8 https://support.apple.com/en-us/HT214032
ssvc Attend https://support.apple.com/en-us/HT214032
cvssv3.1 8.8 https://support.apple.com/en-us/HT214033
ssvc Attend https://support.apple.com/en-us/HT214033
cvssv3.1 8.8 https://support.apple.com/kb/HT214033
ssvc Attend https://support.apple.com/kb/HT214033
cvssv3.1 8.8 https://support.apple.com/kb/HT214034
ssvc Attend https://support.apple.com/kb/HT214034
cvssv3.1 8.8 https://support.apple.com/kb/HT214062
ssvc Attend https://support.apple.com/kb/HT214062
cvssv3.1 8.8 https://www.debian.org/security/2023/dsa-5575
ssvc Attend https://www.debian.org/security/2023/dsa-5575
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/12/05/1
ssvc Attend http://www.openwall.com/lists/oss-security/2023/12/05/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42917.json
https://api.first.org/data/v1/epss?cve=CVE-2023-42917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42917
http://seclists.org/fulldisclosure/2023/Dec/12
http://seclists.org/fulldisclosure/2023/Dec/13
http://seclists.org/fulldisclosure/2023/Dec/3
http://seclists.org/fulldisclosure/2023/Dec/4
http://seclists.org/fulldisclosure/2023/Dec/5
http://seclists.org/fulldisclosure/2023/Dec/8
http://seclists.org/fulldisclosure/2024/Jan/35
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
https://support.apple.com/en-us/HT214031
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214033
https://support.apple.com/kb/HT214033
https://support.apple.com/kb/HT214034
https://support.apple.com/kb/HT214062
https://www.debian.org/security/2023/dsa-5575
http://www.openwall.com/lists/oss-security/2023/12/05/1
2253058 https://bugzilla.redhat.com/show_bug.cgi?id=2253058
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2023-42917 https://nvd.nist.gov/vuln/detail/CVE-2023-42917
GLSA-202401-04 https://security.gentoo.org/glsa/202401-04
RHSA-2023:7715 https://access.redhat.com/errata/RHSA-2023:7715
RHSA-2023:7716 https://access.redhat.com/errata/RHSA-2023:7716
RHSA-2024:2126 https://access.redhat.com/errata/RHSA-2024:2126
RHSA-2024:2982 https://access.redhat.com/errata/RHSA-2024:2982
RHSA-2024:8492 https://access.redhat.com/errata/RHSA-2024:8492
RHSA-2024:8496 https://access.redhat.com/errata/RHSA-2024:8496
RHSA-2024:9646 https://access.redhat.com/errata/RHSA-2024:9646
RHSA-2024:9653 https://access.redhat.com/errata/RHSA-2024:9653
RHSA-2024:9679 https://access.redhat.com/errata/RHSA-2024:9679
RHSA-2024:9680 https://access.redhat.com/errata/RHSA-2024:9680
USN-6545-1 https://usn.ubuntu.com/6545-1/
Data source KEV
Date added Dec. 4, 2023
Description Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Due date Dec. 25, 2023
Note 
https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-42917
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42917.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Dec/12
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at http://seclists.org/fulldisclosure/2023/Dec/12
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Dec/13
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at http://seclists.org/fulldisclosure/2023/Dec/13
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Dec/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at http://seclists.org/fulldisclosure/2023/Dec/3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Dec/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at http://seclists.org/fulldisclosure/2023/Dec/4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Dec/5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at http://seclists.org/fulldisclosure/2023/Dec/5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Dec/8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at http://seclists.org/fulldisclosure/2023/Dec/8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2024/Jan/35
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at http://seclists.org/fulldisclosure/2024/Jan/35
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-42917
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-42917
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202401-04
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://security.gentoo.org/glsa/202401-04
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT214031
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://support.apple.com/en-us/HT214031
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT214032
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://support.apple.com/en-us/HT214032
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT214033
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://support.apple.com/en-us/HT214033
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT214033
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://support.apple.com/kb/HT214033
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT214034
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://support.apple.com/kb/HT214034
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT214062
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://support.apple.com/kb/HT214062
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5575
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at https://www.debian.org/security/2023/dsa-5575
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/12/05/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-02T05:00:19Z/ Found at http://www.openwall.com/lists/oss-security/2023/12/05/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.117
EPSS Score 0.0004
Published At April 18, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-01-03T17:13:00.672152+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-42917 34.0.0rc1