Search for vulnerabilities
Vulnerability details: VCID-svw8-cgjr-r7by
Vulnerability ID VCID-svw8-cgjr-r7by
Aliases CVE-2023-39434
Summary A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39434.json
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2023-39434
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Oct/3
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/3
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Oct/8
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/8
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Oct/9
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/9
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-39434
cvssv3.1 8.8 https://security.gentoo.org/glsa/202401-33
ssvc Track https://security.gentoo.org/glsa/202401-33
cvssv3.1 8.8 https://support.apple.com/en-us/HT213937
ssvc Track https://support.apple.com/en-us/HT213937
cvssv3.1 8.8 https://support.apple.com/en-us/HT213938
ssvc Track https://support.apple.com/en-us/HT213938
cvssv3.1 8.8 https://support.apple.com/en-us/HT213940
ssvc Track https://support.apple.com/en-us/HT213940
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/28/3
ssvc Track http://www.openwall.com/lists/oss-security/2023/09/28/3
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39434.json
https://api.first.org/data/v1/epss?cve=CVE-2023-39434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40451
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://webkitgtk.org/security/WSA-2023-0009.html
202401-33 https://security.gentoo.org/glsa/202401-33
2241405 https://bugzilla.redhat.com/show_bug.cgi?id=2241405
3 http://seclists.org/fulldisclosure/2023/Oct/3
3 http://www.openwall.com/lists/oss-security/2023/09/28/3
8 http://seclists.org/fulldisclosure/2023/Oct/8
9 http://seclists.org/fulldisclosure/2023/Oct/9
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2023-39434 https://nvd.nist.gov/vuln/detail/CVE-2023-39434
HT213937 https://support.apple.com/en-us/HT213937
HT213938 https://support.apple.com/en-us/HT213938
HT213940 https://support.apple.com/en-us/HT213940
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39434.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Oct/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Oct/8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Oct/9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39434
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202401-33
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://security.gentoo.org/glsa/202401-33
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213937
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://support.apple.com/en-us/HT213937
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213938
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://support.apple.com/en-us/HT213938
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213940
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://support.apple.com/en-us/HT213940
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/28/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/28/3
Exploit Prediction Scoring System (EPSS)
Percentile 0.6485
EPSS Score 0.00498
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:37:39.450365+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/39xxx/CVE-2023-39434.json 37.0.0