Search for vulnerabilities
Vulnerability details: VCID-yx3x-vt76-13cu
Vulnerability ID VCID-yx3x-vt76-13cu
Aliases CVE-2023-40403
Summary The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40403.json
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2023-40403
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/10
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/3
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/4
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/5
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/6
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/8
ssvc Track http://seclists.org/fulldisclosure/2023/Oct/9
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-40403
ssvc Track https://support.apple.com/en-us/HT213927
ssvc Track https://support.apple.com/en-us/HT213931
ssvc Track https://support.apple.com/en-us/HT213932
ssvc Track https://support.apple.com/en-us/HT213936
ssvc Track https://support.apple.com/en-us/HT213937
ssvc Track https://support.apple.com/en-us/HT213938
ssvc Track https://support.apple.com/en-us/HT213940
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40403.json
https://api.first.org/data/v1/epss?cve=CVE-2023-40403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40403
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10 http://seclists.org/fulldisclosure/2023/Oct/10
1108074 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108074
2349766 https://bugzilla.redhat.com/show_bug.cgi?id=2349766
3 http://seclists.org/fulldisclosure/2023/Oct/3
4 http://seclists.org/fulldisclosure/2023/Oct/4
5 http://seclists.org/fulldisclosure/2023/Oct/5
6 http://seclists.org/fulldisclosure/2023/Oct/6
8 http://seclists.org/fulldisclosure/2023/Oct/8
9 http://seclists.org/fulldisclosure/2023/Oct/9
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2023-40403 https://nvd.nist.gov/vuln/detail/CVE-2023-40403
HT213927 https://support.apple.com/en-us/HT213927
HT213931 https://support.apple.com/en-us/HT213931
HT213932 https://support.apple.com/en-us/HT213932
HT213936 https://support.apple.com/en-us/HT213936
HT213937 https://support.apple.com/en-us/HT213937
HT213938 https://support.apple.com/en-us/HT213938
HT213940 https://support.apple.com/en-us/HT213940
RHSA-2025:8676 https://access.redhat.com/errata/RHSA-2025:8676
RHSA-2025:9016 https://access.redhat.com/errata/RHSA-2025:9016
USN-7600-1 https://usn.ubuntu.com/7600-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40403.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/10
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/3
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/4
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/5
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/6
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/8
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at http://seclists.org/fulldisclosure/2023/Oct/9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40403
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at https://support.apple.com/en-us/HT213927
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at https://support.apple.com/en-us/HT213931
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at https://support.apple.com/en-us/HT213932
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at https://support.apple.com/en-us/HT213936
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at https://support.apple.com/en-us/HT213937
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at https://support.apple.com/en-us/HT213938
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/ Found at https://support.apple.com/en-us/HT213940
Exploit Prediction Scoring System (EPSS)
Percentile 0.4407
EPSS Score 0.00214
Published At Aug. 5, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:55:12.583951+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7600-1/ 37.0.0