A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apple
  • Ipados
  • Iphone Os
  • Macos
  • Safari
  • Tvos
  • Watchos
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus

Configuration 1 [-]

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.42.5-1.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2982 2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
webkit2gtk3-0:2.46.3-1.el8_2 cpe:/a:redhat:rhel_aus:8.2 RHSA-2024:9680 2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
webkit2gtk3-0:2.46.3-1.el8_4 cpe:/a:redhat:rhel_aus:8.4 RHSA-2024:9679 2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
webkit2gtk3-0:2.46.3-1.el8_4 cpe:/a:redhat:rhel_tus:8.4 RHSA-2024:9679 2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
webkit2gtk3-0:2.46.3-1.el8_4 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2024:9679 2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
webkit2gtk3-0:2.46.3-1.el8_6 cpe:/a:redhat:rhel_aus:8.6 RHSA-2024:9653 2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
webkit2gtk3-0:2.46.3-1.el8_6 cpe:/a:redhat:rhel_tus:8.6 RHSA-2024:9653 2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
webkit2gtk3-0:2.46.3-1.el8_6 cpe:/a:redhat:rhel_e4s:8.6 RHSA-2024:9653 2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
webkit2gtk3-0:2.46.3-1.el8_8 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:9646 2024-11-14T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.42.5-1.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2126 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
webkit2gtk3-0:2.46.1-1.el9_0 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2024:8496 2024-10-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
webkit2gtk3-0:2.46.1-1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:8492 2024-10-28T00:00:00Z
References
Link Providers
http://seclists.org/fulldisclosure/2023/Oct/19 cve-icon cve-icon
http://seclists.org/fulldisclosure/2023/Oct/22 cve-icon cve-icon
http://seclists.org/fulldisclosure/2023/Oct/23 cve-icon cve-icon
http://seclists.org/fulldisclosure/2023/Oct/24 cve-icon cve-icon
http://seclists.org/fulldisclosure/2023/Oct/25 cve-icon cve-icon
http://seclists.org/fulldisclosure/2023/Oct/27 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2023/11/15/1 cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-42852 cve-icon
https://security.gentoo.org/glsa/202401-33 cve-icon cve-icon
https://support.apple.com/en-us/HT213981 cve-icon cve-icon
https://support.apple.com/en-us/HT213982 cve-icon cve-icon
https://support.apple.com/en-us/HT213984 cve-icon cve-icon
https://support.apple.com/en-us/HT213986 cve-icon cve-icon
https://support.apple.com/en-us/HT213987 cve-icon cve-icon
https://support.apple.com/en-us/HT213988 cve-icon cve-icon
https://support.apple.com/kb/HT213984 cve-icon cve-icon
https://webkitgtk.org/security/WSA-2023-0010.html cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-42852 cve-icon
https://www.debian.org/security/2023/dsa-5557 cve-icon cve-icon
History

Sat, 16 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel Tus

Tue, 29 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat rhel E4s
Redhat rhel Eus
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2023-10-25T18:32:18.866Z

Updated: 2024-08-02T19:30:24.683Z

Reserved: 2023-09-14T19:05:11.450Z

Link: CVE-2023-42852

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-25T19:15:10.843

Modified: 2024-11-21T08:23:22.010

Link: CVE-2023-42852

cve-icon Redhat

Severity : Important

Publid Date: 2023-11-15T00:00:00Z

Links: CVE-2023-42852 - Bugzilla