CVE-2023-23524 — Uncontrolled Resource Consumption in Apple IOS AND Ipados

CWE-400 — Uncontrolled Resource Consumption8 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +5 more

Timeline

PublishedFeb 27

Latest updateAug 1

Description

A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

▶Appleapple/macos_ventura13.2.1

▶CVEListV5apple/tvosunspecified — 16.3

▶NVDapple/tvos< 16.3.2

▶CVEListV5apple/macosunspecified — 13.2

▶NVDapple/macos< 13.2.1

🔴Vulnerability Details

GHSA

GHSA-r596-4r66-j5v5: A denial-of-service issue was addressed with improved input validation↗2023-02-27

▶

VulnCheck

Apple ipados Uncontrolled Resource Consumption↗2023

▶

📋Vendor Advisories

Apple

CVE-2023-23524: macOS Ventura 13.2.1↗2023-02-13

▶

Apple

CVE-2023-23524: watchOS 9.3.1↗2023-02-13

▶

Apple

CVE-2023-23524: iOS 16.3.1 and iPadOS 16.3.1↗2023-02-13

▶

Apple

CVE-2023-23524: tvOS 16.3.2↗2023-02-13

▶

📄Research Papers

RFC

Updates to X.509 Policy Validation↗2024-08-01

▶