Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2023-42916
HistoryNov 30, 2023 - 12:00 a.m.

CVE-2023-42916

2023-11-3000:00:00
ubuntu.com
ubuntu.com
37
out-of-bounds read
input validation
ios 17.1.2
ipados 17.1.2
macos sonoma 14.1.2
safari 17.1.2
sensitive information disclosure
exploited vulnerability
webkit
javascriptcore engine
bug report
unix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

66.1%

JSON

An out-of-bounds read was addressed with improved input validation. This
issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari
17.1.2. Processing web content may disclose sensitive information. Apple is
aware of a report that this issue may have been exploited against versions
of iOS before iOS 16.7.1.

Bugs

Notes

Author Note
jdstrand webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
mdeslaur It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking as ignored.
OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchwebkit2gtk<Β 2.42.3-0ubuntu0.22.04.1UNKNOWN
ubuntu23.04noarchwebkit2gtk<Β 2.42.3-0ubuntu0.23.04.1UNKNOWN
ubuntu23.10noarchwebkit2gtk<Β 2.42.3-0ubuntu0.23.10.1UNKNOWN
ubuntu24.04noarchwebkit2gtk<Β 2.42.3-1UNKNOWN

Related

debiancve 1
cvelist 1
vulnrichment 1
redhatcve 1
cve 1
prion 1
cisa_kev 1
attackerkb 1
nvd 1
osv 3
nessus 13
openvas 10
talosblog 2
apple 9
fedora 2
hivepro 1
debian 1
ubuntu 1
thn 4
amazon 1
gentoo 1
avleonov 1
mageia 1
hp 1
debiancve
debiancve
CVE-2023-42916
2023-11-30 23:15:07
cvelist
cvelist
CVE-2023-42916
2023-11-30 22:18:49
vulnrichment
vulnrichment
CVE-2023-42916
2023-11-30 22:18:49
redhatcve
redhatcve
CVE-2023-42916
2023-12-06 01:32:09
cve
cve
CVE-2023-42916
2023-11-30 23:15:07
prion
prion
Input validation
2023-11-30 23:15:00
cisa_kev
cisa_kev
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
2023-12-04 00:00:00
attackerkb
attackerkb
CVE-2023-42916
2023-11-30 00:00:00
nvd
nvd
CVE-2023-42916
2023-11-30 23:15:07
osv
osv
CVE-2023-42916
2023-11-30 23:15:07
webkit2gtk - security update
2023-12-11 00:00:00
webkit2gtk vulnerabilities
2023-12-11 12:32:24
nessus
nessus
macOS 14.x < 14.1.2 Multiple Vulnerabilities (HT214032)
2023-12-06 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2023:4828-1)
2023-12-15 00:00:00
Fedora 39 : webkitgtk (2023-f844a8fa64)
2023-12-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4827-1)
2023-12-15 00:00:00
Apple Safari Security Update (HT214033)
2023-12-01 00:00:00
Debian: Security Advisory (DSA-5575-1)
2023-12-12 00:00:00
talosblog
talosblog
Cybersecurity considerations to have when shopping for holiday gifts
2023-12-07 19:00:40
Why is the cost of cyber insurance rising?
2024-01-25 19:00:35
apple
apple
About the security content of iOS 15.8.1 and iPadOS 15.8.1
2024-01-22 00:00:00
About the security content of iOS 17.1.2 and iPadOS 17.1.2
2023-11-30 00:00:00
About the security content of macOS Sonoma 14.1.2
2023-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: webkitgtk-2.42.3-1.fc38
2023-12-09 02:47:43
[SECURITY] Fedora 39 Update: webkitgtk-2.42.3-1.fc39
2023-12-09 02:44:16
hivepro
hivepro
Apple’s Timely Response to Actively Exploited Zero-Days
2023-12-14 08:27:54
debian
debian
[SECURITY] [DSA 5575-1] webkit2gtk security update
2023-12-11 22:15:28
ubuntu
ubuntu
WebKitGTK vulnerabilities
2023-12-11 00:00:00
thn
thn
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now
2024-01-23 01:30:00
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
2023-12-01 04:25:00
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
2023-12-12 06:44:00
amazon
amazon
Important: webkitgtk4
2024-01-19 01:51:00
gentoo
gentoo
WebKitGTK+: Multiple Vulnerabilities
2024-01-05 00:00:00
avleonov
avleonov
November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review
2024-02-01 17:07:20
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2024-04-26 09:47:12
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

66.1%

JSON
Related for UB:CVE-2023-42916
debiancve1cvelist1vulnrichment1redhatcve1cve1prion1cisa_kev1attackerkb1nvd1osv3nessus13openvas10talosblog2apple9fedora2hivepro1debian1ubuntu1thn4amazon1gentoo1avleonov1mageia1hp1