VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-mhe9-8dcj-7fg2

Essentials
Severities (75)
References (41)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-mhe9-8dcj-7fg2
Aliases	CVE-2023-42970
Summary	A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42970.json
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-42970
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux	High	https://security.archlinux.org/AVG-2867
archlinux	High	https://security.archlinux.org/AVG-2868
archlinux	High	https://security.archlinux.org/AVG-2869
archlinux	High	https://security.archlinux.org/AVG-2870
cvssv3.1	8.8	https://support.apple.com/en-us/120330
ssvc	Track	https://support.apple.com/en-us/120330
cvssv3.1	8.8	https://support.apple.com/en-us/120947
ssvc	Track	https://support.apple.com/en-us/120947
cvssv3.1	8.8	https://support.apple.com/en-us/120948
ssvc	Track	https://support.apple.com/en-us/120948
cvssv3.1	8.8	https://support.apple.com/en-us/120949
ssvc	Track	https://support.apple.com/en-us/120949
cvssv3.1	8.8	https://support.apple.com/en-us/120950
ssvc	Track	https://support.apple.com/en-us/120950

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42970.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-42970
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
120330		https://support.apple.com/en-us/120330
120947		https://support.apple.com/en-us/120947
120948		https://support.apple.com/en-us/120948
120949		https://support.apple.com/en-us/120949
120950		https://support.apple.com/en-us/120950
2366498		https://bugzilla.redhat.com/show_bug.cgi?id=2366498
ASA-202505-2		https://security.archlinux.org/ASA-202505-2
ASA-202505-3		https://security.archlinux.org/ASA-202505-3
ASA-202505-4		https://security.archlinux.org/ASA-202505-4
ASA-202505-5		https://security.archlinux.org/ASA-202505-5
AVG-2867		https://security.archlinux.org/AVG-2867
AVG-2868		https://security.archlinux.org/AVG-2868
AVG-2869		https://security.archlinux.org/AVG-2869
AVG-2870		https://security.archlinux.org/AVG-2870
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2023-42970		https://nvd.nist.gov/vuln/detail/CVE-2023-42970
RHSA-2024:2126		https://access.redhat.com/errata/RHSA-2024:2126
RHSA-2024:2982		https://access.redhat.com/errata/RHSA-2024:2982
RHSA-2024:8492		https://access.redhat.com/errata/RHSA-2024:8492
RHSA-2024:8496		https://access.redhat.com/errata/RHSA-2024:8496
RHSA-2024:9646		https://access.redhat.com/errata/RHSA-2024:9646
RHSA-2024:9653		https://access.redhat.com/errata/RHSA-2024:9653
RHSA-2024:9679		https://access.redhat.com/errata/RHSA-2024:9679
RHSA-2024:9680		https://access.redhat.com/errata/RHSA-2024:9680

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42970.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120330

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T17:09:36Z/ Found at https://support.apple.com/en-us/120330

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120947

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T17:09:36Z/ Found at https://support.apple.com/en-us/120947

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120948

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T17:09:36Z/ Found at https://support.apple.com/en-us/120948

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120949

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T17:09:36Z/ Found at https://support.apple.com/en-us/120949

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120950

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-11T17:09:36Z/ Found at https://support.apple.com/en-us/120950

Exploit Prediction Scoring System (EPSS)

Percentile	0.10261
EPSS Score	0.00044
Published At	April 12, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-04-11T20:06:14.820622+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2023/42xxx/CVE-2023-42970.json	36.0.0