Vulnerability Report

CVE-2023-42916

CISA KEV Active

Title: Apple Safari Memory Corruption

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2023-42916.

CWE Category CWE-125

Published Date Nov 30, 2023

Modified Date Oct 23, 2025

Exploit Status Not Found

Score 6.5 CVSS v3.1

Exploit Probability (EPSS)

0.05%

Vulnerability Summary

CVE-2023-42916: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Impacted Vendors

webkitgtk 1

webkit 1

apple 1

Reference Links

http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/3 http://seclists.org/fulldisclosure/2023/Dec/4 http://seclists.org/fulldisclosure/2023/Dec/5 http://seclists.org/fulldisclosure/2023/Dec/8 http://seclists.org/fulldisclosure/2024/Jan/35 http://www.openwall.com/lists/oss-security/2023/12/05/1 https://lists.fedoraproject.org/archives/list/[email protected]/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/ https://lists.fedoraproject.org/archives/list/[email protected]/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/ https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT214031 https://support.apple.com/en-us/HT214032 https://support.apple.com/en-us/HT214033 https://support.apple.com/kb/HT214033 https://support.apple.com/kb/HT214034 https://support.apple.com/kb/HT214062 https://www.debian.org/security/2023/dsa-5575 http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/3 http://seclists.org/fulldisclosure/2023/Dec/4 http://seclists.org/fulldisclosure/2023/Dec/5 http://seclists.org/fulldisclosure/2023/Dec/8 http://seclists.org/fulldisclosure/2024/Jan/35 http://www.openwall.com/lists/oss-security/2023/12/05/1 https://lists.fedoraproject.org/archives/list/[email protected]/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/ https://lists.fedoraproject.org/archives/list/[email protected]/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/ https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT214031 https://support.apple.com/en-us/HT214032 https://support.apple.com/en-us/HT214033 https://support.apple.com/kb/HT214033 https://support.apple.com/kb/HT214034 https://support.apple.com/kb/HT214062 https://www.debian.org/security/2023/dsa-5575 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42916

CVSS v3.1

Source Entity [email protected]

Severity MEDIUM

6.5

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v3.1

Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0

Severity MEDIUM

6.5

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2023-42916 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

October 23, 2025 MODIFIED

Vulnerability data or affected products updated.

November 30, 2023 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction REQUIRED

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Stack

No specific products linked.