CVE-2024-23213
Summary
| CVE | CVE-2024-23213 |
|---|---|
| State | PUBLISHED |
| Assigner | apple |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-01-23 01:15:11 UTC |
| Updated | 2026-04-02 19:16:56 UTC |
| Description | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processing web content may lead to arbitrary code execution. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types: NVD-CWE-noinfo | CWE-119 | Processing web content may lead to arbitrary code execution | CWE-119 CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | ADP | DECLARED | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Apple | Safari | affected 17.3 custom | Not specified |
| CNA | Apple | IOS And IPadOS | affected 16.7.5 custom | Not specified |
| CNA | Apple | IOS And IPadOS | affected 17.3 custom | Not specified |
| CNA | Apple | MacOS | affected 14.3 custom | Not specified |
| CNA | Apple | TvOS | affected 17.3 custom | Not specified |
| CNA | Apple | WatchOS | affected 10.3 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| seclists.org/fulldisclosure/2024/Jan/27 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| Full Disclosure: APPLE-SA-01-22-2024-8 watchOS 10.3 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| seclists.org/fulldisclosure/2024/Jan/34 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| Full Disclosure: APPLE-SA-01-22-2024-9 tvOS 17.3 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| support.apple.com/en-us/HT214055 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/120306 | [email protected] | support.apple.com | |
| support.apple.com/en-us/120310 | [email protected] | support.apple.com | |
| support.apple.com/kb/HT214060 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/120304 | [email protected] | support.apple.com | |
| support.apple.com/en-us/120309 | [email protected] | support.apple.com | |
| support.apple.com/kb/HT214055 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/HT214056 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/kb/HT214059 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| seclists.org/fulldisclosure/2024/Jan/33 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| support.apple.com/kb/HT214061 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/kb/HT214056 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| support.apple.com/en-us/120311 | [email protected] | support.apple.com | |
| support.apple.com/en-us/HT214063 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/kb/HT214063 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/HT214061 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| Full Disclosure: APPLE-SA-01-22-2024-5 macOS Sonoma 14.3 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory |
| oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| support.apple.com/en-us/120339 | [email protected] | support.apple.com | |
| support.apple.com/en-us/HT214060 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/HT214059 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 200105 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-6631-1)
- 284906 Fedora Security Update for webkitgtk (FEDORA-2024-ca3f071aea)
- 284994 Fedora Security Update for webkitgtk (FEDORA-2024-97faaca23d)
- 357216 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2024-2459
- 379297 Apple Safari Multiple Vulnerabilities (HT214056)
- 379299 Apple macOS Sonoma 14.3 Not Installed (HT214061)
- 6000472 Debian Security Update for webkit2gtk (DSA 5618-1)
- 610538 Apple iOS 17.3 and iPadOS 17.3 Security Update Missing (HT214059)
- 610539 Apple iOS 16.7.5 and iPadOS 16.7.5 Security Update Missing (HT214063)
- 755770 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0519-1)
- 755789 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0545-1)
- 755802 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0548-1)