CVE-2023-42917

Advisory lineage Upstream: 0 Downstream: 19

Downstream

DEBIAN-CVE-2023-42917 DSA-5575-1 RHSA-2023:7715 RHSA-2023:7716 RHSA-2024:2126 RHSA-2024:2982

Analyzed

Published: 30 Nov 2023, 22:18

Last modified:21 Oct 2025, 23:05

Vulnerability Summary

Overall Risk (default)

medium

35/100

CVSS Score

8.8 HIGH

v3.1 (cve.org)

EPSS Score

0.07% LOW

0% probability 0.00%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Nov 2023, 22:18

Published

Vulnerability first disclosed

04 Dec 2023, 00:00

Added to CISA KEV

Apple Multiple Products WebKit Memory Corruption Vulnerability

25 Dec 2023, 00:00

CISA Remediation Due

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

21 Oct 2025, 23:05

Last Modified

Vulnerability information updated

Description

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CVSS Metrics

v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.07%• Percentile: 21%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

Unknown•iOS and iPadOS
≥ unspecified, < 17.1
apple•ipados
< 15.8.1 | ≥ 16.0, < 16.7.3 | ≥ 17.0, < 17.1.2
apple•iphone_os
< 15.8.1 | ≥ 16.0, < 16.7.3 | ≥ 17.0, < 17.1.2
Unknown•macOS
≥ 14.0, < 14.1.2 | ≥ unspecified, < 14.1
apple•safari
< 17.1.2 | ≥ unspecified, < 17.1
debian•debian_linux
11.0 | 12.0
fedoraproject•fedora
38 | 39
Unknown•WebKitGTK
< 2.42.3