CVE-2023-28199 — Out-of-bounds Read in Apple Macos

CWE-125 — Out-of-bounds Read6 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Macos BIG SUR Apple Macos Monterey +1 more

Timeline

PublishedAug 14

Latest updateAug 15

Description

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Appleapple/macos_ventura13.3

▶CVEListV5apple/macosunspecified — 13.3

▶NVDapple/macos13.0 — 13.3

▶Appleapple/macos_big_sur11.7.5

▶Appleapple/macos_monterey12.6.4

🔴Vulnerability Details

GHSA

GHSA-5792-v2q3-5rmq: An out-of-bounds read issue existed that led to the disclosure of kernel memory↗2023-08-15

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Third Party (Dpdk) — CVE-2022-28199↗2023-04-15

▶

Apple

CVE-2023-28199: macOS Monterey 12.6.4↗2023-03-27

▶

Apple

CVE-2023-28199: macOS Big Sur 11.7.5↗2023-03-27

▶

Apple

CVE-2023-28199: macOS Ventura 13.3↗2023-03-27

▶