{"api_version":"1","generated_at":"2026-04-23T01:33:25+00:00","cve":"CVE-2023-42916","urls":{"html":"https://cve.report/CVE-2023-42916","api":"https://cve.report/api/cve/CVE-2023-42916.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-42916","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-42916"},"summary":{"title":"Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability","description":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","state":"RESERVED","assigner":"cve@mitre.org","published_at":"2023-11-30 23:15:00","updated_at":"2024-01-26 17:15:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT214032","name":"https://support.apple.com/en-us/HT214032","refsource":"","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Dec/5","name":"http://seclists.org/fulldisclosure/2023/Dec/5","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2023/dsa-5575","name":"https://www.debian.org/security/2023/dsa-5575","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214033","name":"https://support.apple.com/en-us/HT214033","refsource":"","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Dec/8","name":"http://seclists.org/fulldisclosure/2023/Dec/8","refsource":"","tags":[],"title":"Full Disclosure: APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/12/05/1","name":"http://www.openwall.com/lists/oss-security/2023/12/05/1","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202401-04","name":"https://security.gentoo.org/glsa/202401-04","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Dec/13","name":"http://seclists.org/fulldisclosure/2023/Dec/13","refsource":"","tags":[],"title":"Full Disclosure: APPLE-SA-12-11-2023-8 watchOS 10.2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT214031","name":"https://support.apple.com/en-us/HT214031","refsource":"","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Dec/12","name":"http://seclists.org/fulldisclosure/2023/Dec/12","refsource":"","tags":[],"title":"Full Disclosure: APPLE-SA-12-11-2023-7 tvOS 17.2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Dec/3","name":"http://seclists.org/fulldisclosure/2023/Dec/3","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Dec/4","name":"http://seclists.org/fulldisclosure/2023/Dec/4","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/35","name":"http://seclists.org/fulldisclosure/2024/Jan/35","refsource":"","tags":[],"title":"Full Disclosure: APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-42916","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42916","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"42916","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42916","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42916","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42916","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2023","cve_id":"42916","cve":"CVE-2023-42916","vendorProject":"Apple","product":"Multiple Products","vulnerabilityName":"Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability","dateAdded":"2023-12-04","shortDescription":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","requiredAction":"Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.","dueDate":"2023-12-25","knownRansomwareCampaignUse":"Unknown","notes":"https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-42916","cwes":"CWE-125","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2023","cve_id":"42916","cve":"CVE-2023-42916","epss":"0.000470000","percentile":"0.144630000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:16"},"legacy_qids":[{"cve":"CVE-2023-42916","qid":"199993","title":"Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-6545-1)"},{"cve":"CVE-2023-42916","qid":"284802","title":"Fedora Security Update for webkitgtk (FEDORA-2023-540bb86780)"},{"cve":"CVE-2023-42916","qid":"285109","title":"Fedora Security Update for webkitgtk (FEDORA-2023-f844a8fa64)"},{"cve":"CVE-2023-42916","qid":"357018","title":"Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2024-2427"},{"cve":"CVE-2023-42916","qid":"379087","title":"Apple macOS Sonoma 14.1.2 Not Installed (HT214032)"},{"cve":"CVE-2023-42916","qid":"379088","title":"Apple Safari Multiple Vulnerabilities (HT214033)"},{"cve":"CVE-2023-42916","qid":"6000377","title":"Debian Security Update for webkit2gtk (DSA 5575-1)"},{"cve":"CVE-2023-42916","qid":"610530","title":"Apple iOS 17.1.2 and iPadOS 17.1.2 Security Update Missing"},{"cve":"CVE-2023-42916","qid":"610532","title":"Apple iOS 16.7.3 and iPadOS 16.7.3 Security Update Missing"},{"cve":"CVE-2023-42916","qid":"610540","title":"Apple iOS 15.8.1 and iPadOS 15.8.1 Security Update Missing (HT214062)"},{"cve":"CVE-2023-42916","qid":"710824","title":"Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202401-04)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-42916","ASSIGNER":"cve@mitre.org","STATE":"RESERVED"},"description":{"description_data":[{"lang":"eng","value":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."}]}},"nvd":{"publishedDate":"2023-11-30 23:15:00","lastModifiedDate":"2024-01-26 17:15:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"17.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.1.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}