CVE-2023-39434
Published 2023-09-27
Priority: P3 · 50 · High · CVSS 3.1: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.52% (71.5th percentile)
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_17_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 17 | 17 |
| apple | ipados | < 17.0 | 17.0 |
| apple | iphone_os | < 17.0 | 17.0 |
| apple | macos | < 14.0 | 14.0 |
| apple | macos | >= unspecified < 14 | 14 |
| apple | macos_sonoma | — | — |
| apple | safari | — | — |
| apple | tvos | — | — |
| apple | watchos | < 10.0 | 10.0 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < 10 | 10 |
| debian | webkit2gtk | < webkit2gtk 2.40.5-1~deb12u1 (bookworm) | webkit2gtk 2.40.5-1~deb12u1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.40.5-1~deb12u1 (bookworm) | webkit2gtk 2.40.5-1~deb12u1 (bookworm) |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | 8.8 | HIGH | — |
| vendor_debian | 8.8 | HIGH | — |
| vendor_redhat | 8.8 | HIGH | — |
Red Hat
webkitgtk: processing web content may lead to arbitrary code execution
vendor_redhat·2023-09-28·CVSS 8.8
CVE-2023-39434 [HIGH] CWE-416 webkitgtk: processing web content may lead to arbitrary code execution
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
A use-after-free vulnerability was found in WebKitGTK. This issue could allow an attacker to cause memory corruption and achieve remote code execution. The victim needs to visit a malicious web page for the attack to succeed.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Package: webkitgtk4 (Red Hat Enterprise Linux 7) - Out of support scope
Package: webkit2gtk3 (Red Hat Enterprise Linux 8) -
Apple
CVE-2023-39434: macOS Sonoma 14
vendor_apple·2023-09-26·CVSS 8.8
CVE-2023-39434 [HIGH] CVE-2023-39434: macOS Sonoma 14
Apple Security Update: About the security content of macOS Sonoma 14
Product: macOS Sonoma
Version: 14
CVE: CVE-2023-39434
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
Apple
CVE-2023-39434: Safari 17
vendor_apple·2023-09-26·CVSS 8.8
CVE-2023-39434 [HIGH] CVE-2023-39434: Safari 17
Apple Security Update: About the security content of Safari 17
Product: Safari
Version: 17
CVE: CVE-2023-39434
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
Apple
CVE-2023-39434: tvOS 17
vendor_apple·2023-09-18·CVSS 8.8
CVE-2023-39434 [HIGH] CVE-2023-39434: tvOS 17
Apple Security Update: About the security content of tvOS 17
Product: tvOS
Version: 17
CVE: CVE-2023-39434
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
Apple
CVE-2023-39434: watchOS 10
vendor_apple·2023-09-18·CVSS 8.8
CVE-2023-39434 [HIGH] CVE-2023-39434: watchOS 10
Apple Security Update: About the security content of watchOS 10
Product: watchOS
Version: 10
CVE: CVE-2023-39434
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
Apple
CVE-2023-39434: iOS 17 and iPadOS 17
vendor_apple·2023-09-18·CVSS 8.8
CVE-2023-39434 [HIGH] CVE-2023-39434: iOS 17 and iPadOS 17
Apple Security Update: About the security content of iOS 17 and iPadOS 17
Product: iOS 17 and iPadOS
Version: 17
CVE: CVE-2023-39434
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
Debian
CVE-2023-39434: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue...
vendor_debian·2023·CVSS 8.8
CVE-2023-39434 [HIGH] CVE-2023-39434: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue...
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.40.5-1~deb12u1)
bullseye: resolved (fixed in 2.40.5-1~deb11u1)
forky: resolved (fixed in 2.40.5-1)
sid: resolved (fixed in 2.40.5-1)
trixie: resolved (fixed in 2.40.5-1)
OSV
CVE-2023-39434: A use-after-free issue was addressed with improved memory management
osv·2023-09-27·CVSS 8.8
CVE-2023-39434 [HIGH] CVE-2023-39434: A use-after-free issue was addressed with improved memory management
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
GHSA
GHSA-84c6-x9x8-7q38: A use-after-free issue was addressed with improved memory management
ghsa_unreviewed·2023-09-27
CVE-2023-39434 [HIGH] CWE-416 GHSA-84c6-x9x8-7q38: A use-after-free issue was addressed with improved memory management
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://seclists.org/fulldisclosure/2023/Oct/3
http://seclists.org/fulldisclosure/2023/Oct/8
http://seclists.org/fulldisclosure/2023/Oct/9
http://www.openwall.com/lists/oss-security/2023/09/28/3
https://security.gentoo.org/glsa/202401-33
https://support.apple.com/en-us/HT213937
https://support.apple.com/en-us/HT213938
https://support.apple.com/en-us/HT213940
https://webkitgtk.org/security/WSA-2023-0009.html
Published: 2023-09-27