{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-40789", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-07-10T17:11:04.689Z", "datePublished": "2024-07-29T22:16:57.905Z", "dateUpdated": "2024-10-30T14:23:38.110Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may lead to an unexpected process crash"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "10.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "1.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash."}], "references": [{"url": "https://support.apple.com/en-us/HT214121"}, {"url": "https://support.apple.com/en-us/HT214117"}, {"url": "https://support.apple.com/en-us/HT214116"}, {"url": "https://support.apple.com/en-us/HT214124"}, {"url": "https://support.apple.com/en-us/HT214119"}, {"url": "https://support.apple.com/en-us/HT214123"}, {"url": "https://support.apple.com/en-us/HT214122"}, {"url": "https://support.apple.com/kb/HT214121"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/15"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/23"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/17"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/22"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T22:16:57.905Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-30T19:47:22.230489Z", "id": "CVE-2024-40789", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T14:23:38.110Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.706Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214121", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214117", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214116", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214124", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214119", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214123", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214122", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214121", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/15", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214121", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214117", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214116", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214124", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214119", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214123", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214122", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214121", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/15", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.706Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40789", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-30T19:47:22.230489Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T19:47:28.447Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214121"}, {"url": "https://support.apple.com/en-us/HT214117"}, {"url": "https://support.apple.com/en-us/HT214116"}, {"url": "https://support.apple.com/en-us/HT214124"}, {"url": "https://support.apple.com/en-us/HT214119"}, {"url": "https://support.apple.com/en-us/HT214123"}, {"url": "https://support.apple.com/en-us/HT214122"}, {"url": "https://support.apple.com/kb/HT214121"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/15"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/23"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/17"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/22"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may lead to an unexpected process crash"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T22:16:57.905Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40789", "state": "PUBLISHED", "dateUpdated": "2024-10-30T14:23:38.110Z", "dateReserved": "2024-07-10T17:11:04.689Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-07-29T22:16:57.905Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", "versionEndExcluding": "17.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8", "versionEndExcluding": "16.7.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C", "versionEndExcluding": "17.6", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39", "versionEndExcluding": "16.7.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF", "versionEndExcluding": "17.6", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9", "versionEndExcluding": "14.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", "versionEndExcluding": "17.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", "versionEndExcluding": "1.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0", "versionEndExcluding": "10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash."}, {"lang": "es", "value": " Se solucion\u00f3 un problema de acceso fuera de los l\u00edmites mejorando la verificaci\u00f3n de l\u00edmites. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso."}], "id": "CVE-2024-40789", "lastModified": "2024-10-30T15:35:13.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T23:15:12.270", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/15"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/17"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/18"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/22"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/23"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214116"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214117"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214119"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214121"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214122"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214123"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214124"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/kb/HT214121"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9636", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.46.3-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9680", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "webkit2gtk3-0:2.46.3-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9679", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "webkit2gtk3-0:2.46.3-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9679", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "webkit2gtk3-0:2.46.3-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9679", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "webkit2gtk3-0:2.46.3-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9653", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "webkit2gtk3-0:2.46.3-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9653", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "webkit2gtk3-0:2.46.3-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9653", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "webkit2gtk3-0:2.46.3-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9646", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "webkit2gtk3-0:2.46.3-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:8180", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.46.1-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8496", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "webkit2gtk3-0:2.46.1-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-10-28T00:00:00Z"}, {"advisory": "RHSA-2024:8492", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "webkit2gtk3-0:2.46.1-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-28T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash", "id": "2302067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Do not process or load untrusted web content with WebKitGTK."}, "name": "CVE-2024-40789", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40789\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40789\nhttps://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"], "statement": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.", "threat_severity": "Moderate"}