PT-2023-6800 · Apple+5 · Safari+12

Dong Jun Kim

Published

2023-05-03

Updated

2024-01-31

CVE-2023-35074

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions WebKitGTK versions prior to the fixed version WPE WebKit versions prior to the fixed version tvOS versions prior to 17 Safari versions prior to 17 watchOS versions prior to 10 iOS versions prior to 17 iPadOS versions prior to 17 macOS versions prior to Sonoma 14

Description The issue is related to a buffer overflow in memory, which may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. Processing web content may lead to arbitrary code execution.

Recommendations For WebKitGTK, update to a version that includes improved memory handling. For WPE WebKit, update to a version that includes improved memory handling. For tvOS, update to version 17 or later. For Safari, update to version 17 or later. For watchOS, update to version 10 or later. For iOS, update to version 17 or later. For iPadOS, update to version 17 or later. For macOS, update to Sonoma 14 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2023-07666

CESA-2023_4202

CVE-2023-35074

DSA-5396-1

DSA-5396-2

OPENSUSE-SU-2023_4294-1

RHSA-2023:4201

RHSA-2023:4202

RHSA-2023_4201

RHSA-2023_4202

RHSA-2025:10364

SUSE-SU-2023:4209-1

SUSE-SU-2023:4211-1

SUSE-SU-2023:4294-1

SUSE-SU-2023:4339-1

Affected Products

Astra Linux

Centos

Debian

Apple Macos

Red Hat

Safari

Suse

Wpe Webkit

Webkitgtk

Ios

Ipados

Tvos

Watchos

PT-2023-6800 · Apple+5 · Safari+12

CVE-2023-35074

Weakness Enumeration

Related Identifiers

Affected Products

References · 61