CVE-2023-42916

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2023-42916 DSA-5575-1 RHSA-2023:4201 RHSA-2023:4202 RHSA-2025:10364 SUSE-SU-2023:4824-1

Analyzed

Published: 30 Nov 2023, 22:18

Last modified:21 Oct 2025, 23:05

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.05% LOW

0% probability 0.00%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Nov 2023, 22:18

Published

Vulnerability first disclosed

04 Dec 2023, 00:00

Added to CISA KEV

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

25 Dec 2023, 00:00

CISA Remediation Due

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

21 Oct 2025, 23:05

Last Modified

Vulnerability information updated

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.05%• Percentile: 14%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

apple•ios and ipados
≥ unspecified, < 17.1
apple•ipados
< 15.8.1 | ≥ 16.0, < 16.7.3 | ≥ 17.0, < 17.1.2
apple•iphone_os
< 15.8.1 | ≥ 16.0, < 16.7.3 | ≥ 17.0, < 17.1.2
apple•macos
≥ 14.0, < 14.1.2 | ≥ unspecified, < 14.1
apple•safari
< 17.1.2 | ≥ unspecified, < 17.1
debian•debian_linux
11.0 | 12.0
fedoraproject•fedora
38 | 39
Unknown•WebKitGTK
< 2.42.3