CVE-2023-36191 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Macos Monterey

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents3 sources

Severity

5.5MEDIUM

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Monterey Apple Macos Sonoma Apple Macos Ventura

Timeline

PublishedOct 25

Description

Apple Security Update: About the security content of macOS Monterey 12.7.1 Product: macOS Monterey Version: 12.7.1 CVE: CVE-2023-40421 Component: CVE-2023-36191 Impact: An app may be able to access sensitive user data Description: A permissions issue was addressed with additional restrictions.

Affected Packages3 packages

▶Appleapple/macos_monterey12.7.1

▶Appleapple/macos_sonoma14.1

▶Appleapple/macos_ventura13.6.1

🔴Vulnerability Details

GHSA

GHSA-h9rq-cvxv-r43v: sqlite3 v3↗2023-06-23

▶

📋Vendor Advisories

Apple

CVE-2023-40421: macOS Monterey 12.7.1↗2023-10-25

▶

Apple

CVE-2023-36191: macOS Ventura 13.6.1↗2023-10-25

▶

Apple

CVE-2023-36191: macOS Monterey 12.7.1↗2023-10-25

▶

Apple

CVE-2023-40421: macOS Ventura 13.6.1↗2023-10-25

▶

Apple

CVE-2023-40421: macOS Sonoma 14.1↗2023-10-25

▶