PT-2023-4201 · Apple+8 · Safari+14

Jikai Ren

Published

2023-07-18

Updated

2024-04-26

CVE-2023-38595

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions iOS versions prior to 16.6 iPadOS versions prior to 16.6 tvOS versions prior to 16.6 macOS Ventura versions prior to 13.5 Safari versions prior to 16.6 watchOS versions prior to 9.6

Description The issue is related to processing web content and may lead to arbitrary code execution. It is caused by a buffer overflow in the WebKitGTK and WPE WebKit modules. A remote attacker can exploit this issue to execute arbitrary code.

Recommendations For iOS versions prior to 16.6, update to iOS 16.6 or later. For iPadOS versions prior to 16.6, update to iPadOS 16.6 or later. For tvOS versions prior to 16.6, update to tvOS 16.6 or later. For macOS Ventura versions prior to 13.5, update to macOS Ventura 13.5 or later. For Safari versions prior to 16.6, update to Safari 16.6 or later. For watchOS versions prior to 9.6, update to watchOS 9.6 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2023:6535

ALSA-2023:7055

BDU:2023-04516

CESA-2023_4202

CESA-2023_7055

CVE-2023-38595

DSA-5468-1

MGASA-2024-0148

OPENSUSE-SU-2023_3233-1

OPENSUSE-SU-2023_3419-1

OPENSUSE-SU-2023_3753-1

RHSA-2023:4201

RHSA-2023:4202

RHSA-2023:6535

RHSA-2023:7055

RHSA-2023_4201

RHSA-2023_4202

RHSA-2023_6535

RHSA-2023_7055

RHSA-2025:10364

SUSE-SU-2023:3233-1

SUSE-SU-2023:3237-1

SUSE-SU-2023:3300-1

SUSE-SU-2023:3419-1

SUSE-SU-2023:3753-1

USN-6289-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Apple Macos

Red Hat

Safari

Suse

Ubuntu

Ios

Ipados

Macos Ventura

Tvos

Watchos

PT-2023-4201 · Apple+8 · Safari+14

CVE-2023-38595

Weakness Enumeration

Related Identifiers

Affected Products

References · 140