Search for vulnerabilities
Vulnerability details: VCID-urzh-a5j6-53hn
Vulnerability ID VCID-urzh-a5j6-53hn
Aliases CVE-2023-42950
Summary A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42950.json
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2023-42950
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-42950
cvssv3.1 8.8 https://support.apple.com/en-us/HT214035
ssvc Track https://support.apple.com/en-us/HT214035
cvssv3.1 8.8 https://support.apple.com/en-us/HT214036
ssvc Track https://support.apple.com/en-us/HT214036
cvssv3.1 8.8 https://support.apple.com/en-us/HT214039
ssvc Track https://support.apple.com/en-us/HT214039
cvssv3.1 8.8 https://support.apple.com/en-us/HT214040
ssvc Track https://support.apple.com/en-us/HT214040
cvssv3.1 8.8 https://support.apple.com/en-us/HT214041
ssvc Track https://support.apple.com/en-us/HT214041
cvssv3.1 8.8 https://support.apple.com/kb/HT214039
ssvc Track https://support.apple.com/kb/HT214039
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2024/03/26/1
ssvc Track http://www.openwall.com/lists/oss-security/2024/03/26/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42950.json
https://api.first.org/data/v1/epss?cve=CVE-2023-42950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54658
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1 http://www.openwall.com/lists/oss-security/2024/03/26/1
2271718 https://bugzilla.redhat.com/show_bug.cgi?id=2271718
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2023-42950 https://nvd.nist.gov/vuln/detail/CVE-2023-42950
HT214035 https://support.apple.com/en-us/HT214035
HT214036 https://support.apple.com/en-us/HT214036
HT214039 https://support.apple.com/en-us/HT214039
HT214039 https://support.apple.com/kb/HT214039
HT214040 https://support.apple.com/en-us/HT214040
HT214041 https://support.apple.com/en-us/HT214041
IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
RHSA-2024:9144 https://access.redhat.com/errata/RHSA-2024:9144
RHSA-2024:9636 https://access.redhat.com/errata/RHSA-2024:9636
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-6732-1 https://usn.ubuntu.com/6732-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42950.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T17:46:25Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-42950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT214035
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T17:46:25Z/ Found at https://support.apple.com/en-us/HT214035
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT214036
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T17:46:25Z/ Found at https://support.apple.com/en-us/HT214036
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT214039
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T17:46:25Z/ Found at https://support.apple.com/en-us/HT214039
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT214040
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T17:46:25Z/ Found at https://support.apple.com/en-us/HT214040
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT214041
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T17:46:25Z/ Found at https://support.apple.com/en-us/HT214041
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT214039
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T17:46:25Z/ Found at https://support.apple.com/kb/HT214039
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/03/26/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T17:46:25Z/ Found at http://www.openwall.com/lists/oss-security/2024/03/26/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.38792
EPSS Score 0.00169
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:40:15.284999+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6732-1/ 37.0.0