CVE-2023-27958Allocation of Resources Without Limits or Throttling in Apple Macos

CWE-770Allocation of Resources Without Limits or Throttling7 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.3%
top 47.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple MacosApple Macos BIG SURApple Macos Monterey+1 more
Timeline
PublishedMay 8
Latest updateJul 13

Description

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages5 packages

Appleapple/macos_monterey12.6.4
CVEListV5apple/macosunspecified13.3+2
NVDapple/macos11.011.7.5+2
Appleapple/macos_big_sur11.7.5

🔴Vulnerability Details

1
GHSA
GHSA-j23x-w7m9-8c47: The issue was addressed with improved memory handling2023-05-08

📋Vendor Advisories

3
Apple
CVE-2023-27958: macOS Big Sur 11.7.52023-03-27
Apple
CVE-2023-27958: macOS Ventura 13.32023-03-27
Apple
CVE-2023-27958: macOS Monterey 12.6.42023-03-27

🕵️Threat Intelligence

2
Talos
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation2023-07-13
Talos
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation2023-07-13