{"api_version":"1","generated_at":"2026-04-23T01:33:24+00:00","cve":"CVE-2023-39434","urls":{"html":"https://cve.report/CVE-2023-39434","api":"https://cve.report/api/cve/CVE-2023-39434.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-39434","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-39434"},"summary":{"title":"CVE-2023-39434","description":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2023-09-27 15:18:00","updated_at":"2024-01-31 15:15:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/3","name":"http://seclists.org/fulldisclosure/2023/Oct/3","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-2 macOS Sonoma 14","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202401-33","name":"https://security.gentoo.org/glsa/202401-33","refsource":"","tags":[],"title":"WebKitGTK+: Multiple Vulnerabilities (GLSA 202401-33) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/3","name":"http://www.openwall.com/lists/oss-security/2023/09/28/3","refsource":"MISC","tags":[],"title":"oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/9","name":"http://seclists.org/fulldisclosure/2023/Oct/9","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-8 watchOS 10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213937","name":"https://support.apple.com/en-us/HT213937","refsource":"MISC","tags":[],"title":"About the security content of watchOS 10 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213938","name":"https://support.apple.com/en-us/HT213938","refsource":"MISC","tags":[],"title":"About the security content of iOS 17 and iPadOS 17 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/8","name":"http://seclists.org/fulldisclosure/2023/Oct/8","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT213940","name":"https://support.apple.com/en-us/HT213940","refsource":"MISC","tags":[],"title":"About the security content of macOS Sonoma 14 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-39434","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39434","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"39434","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39434","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39434","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39434","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-39434","qid":"161084","title":"Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2023-6535)"},{"cve":"CVE-2023-39434","qid":"161167","title":"Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2023-7055)"},{"cve":"CVE-2023-39434","qid":"242303","title":"Red Hat Update for webkit2gtk3 (RHSA-2023:6535)"},{"cve":"CVE-2023-39434","qid":"242457","title":"Red Hat Update for webkit2gtk3 (RHSA-2023:7055)"},{"cve":"CVE-2023-39434","qid":"357018","title":"Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2024-2427"},{"cve":"CVE-2023-39434","qid":"6000203","title":"Debian Security Update for webkit2gtk (DSA 5468-1)"},{"cve":"CVE-2023-39434","qid":"610525","title":"Apple iOS 17 and iPadOS 17 Security Update Missing (HT213938)"},{"cve":"CVE-2023-39434","qid":"710848","title":"Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202401-33)"},{"cve":"CVE-2023-39434","qid":"755164","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4211-1)"},{"cve":"CVE-2023-39434","qid":"755166","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4209-1)"},{"cve":"CVE-2023-39434","qid":"755202","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4294-1)"},{"cve":"CVE-2023-39434","qid":"941362","title":"AlmaLinux Security Update for webkit2gtk3 (ALSA-2023:6535)"},{"cve":"CVE-2023-39434","qid":"941448","title":"AlmaLinux Security Update for webkit2gtk3 (ALSA-2023:7055)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-39434","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing web content may lead to arbitrary code execution"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"14"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"10"}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.apple.com/en-us/HT213938","refsource":"MISC","name":"https://support.apple.com/en-us/HT213938"},{"url":"https://support.apple.com/en-us/HT213940","refsource":"MISC","name":"https://support.apple.com/en-us/HT213940"},{"url":"https://support.apple.com/en-us/HT213937","refsource":"MISC","name":"https://support.apple.com/en-us/HT213937"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/3","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/28/3"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/8","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/8"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/9","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/9"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/3","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/3"}]}},"nvd":{"publishedDate":"2023-09-27 15:18:00","lastModifiedDate":"2024-01-31 15:15:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}