CVE-2023-40403
Published: 2023-09-27
Priority: P4 · 33 · medium · CVSS 3.1 base score 6.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 1.09% (61.3rd percentile)
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.
Affected (25 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.7_and_ipados | — | — |
| apple | ios_17_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 17 | 17 |
| apple | ios_and_ipados | >= unspecified < 16.7 | 16.7 |
| apple | ipados | < 16.7 | 16.7 |
| apple | iphone_os | < 16.7 | 16.7 |
| apple | macos | >= 12.0.0 < 12.7 | 12.7 |
| apple | macos | >= 13.0 < 13.6 | 13.6 |
| apple | macos | >= unspecified < 12.7 | 12.7 |
| apple | macos | >= unspecified < 13.6 | 13.6 |
| apple | macos | >= unspecified < 14 | 14 |
| apple | macos_monterey | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_ventura | — | — |
| apple | tvos | < 17.0 | 17.0 |
| apple | tvos | — | — |
| apple | tvos | >= unspecified < 17 | 17 |
| apple | watchos | < 10.0 | 10.0 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < 10 | 10 |
| debian | libxslt | < libxslt 1.1.35-1+deb12u2 (bookworm) | libxslt 1.1.35-1+deb12u2 (bookworm) |
| xmlsoft | libxslt | >= 0 < 1.1.34-4+deb11u3 | 1.1.34-4+deb11u3 |
| xmlsoft | libxslt | >= 0 < 1.1.35-1+deb12u2 | 1.1.35-1+deb12u2 |
| xmlsoft | libxslt | >= 0 < 1.1.35-1.2+deb13u1 | 1.1.35-1.2+deb13u1 |
| xmlsoft | libxslt | >= 0 < 1.1.35-2 | 1.1.35-2 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| osv | 6.5 | MEDIUM | — |
| vendor_debian | 6.5 | MEDIUM | — |
| vendor_redhat | 6.3 | MEDIUM | — |
Ubuntu
libxslt vulnerability
vendor_ubuntu·2025-06-26
Title: libxslt vulnerability
Summary: libxslt could be made to expose sensitive information.
It was discovered that libxslt could be made to expose sensitive information about address space layout. An attacker could possibly use this issue to bypass Address Space Layout Randomization (ASLR) protections.
Instructions: In general, a standard system update will make all the necessary changes.
Apple
CVE-2023-40403: macOS Sonoma 14
vendor_apple·2023-09-26·CVSS 6.5
Apple Security Update: About the security content of macOS Sonoma 14
Product: macOS Sonoma
Version: 14
CVE: CVE-2023-40403
Component: LaunchServices
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
Red Hat
libxslt: Processing web content may disclose sensitive information
vendor_redhat·2023-09-26·CVSS 6.3
CWE: CWE-200
A flaw was found in the libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.
Statement: This CVE is a duplicate of CVE-2022-4909.
Package: libxslt (Red Hat Enterprise Linux 10) - Not affected
Package: libxslt (Red Hat Enterprise Linux 6) - Out of support scope
Package: libxslt (Red Hat Enterprise Linux 7) - Out of support scope
Package: rhcos (Red Hat OpenShift Container Platform 4) -
Apple
CVE-2023-40403: macOS Ventura 13.6
vendor_apple·2023-09-21·CVSS 6.5
Apple Security Update: About the security content of macOS Ventura 13.6
Product: macOS Ventura
Version: 13.6
CVE: CVE-2023-40403
Component: Kernel
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
Apple
CVE-2023-40403: iOS 16.7 and iPadOS 16.7
vendor_apple·2023-09-21·CVSS 6.5
Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
CVE: CVE-2023-40403
Component: Kernel
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
Apple
CVE-2023-40403: macOS Monterey 12.7
vendor_apple·2023-09-21·CVSS 6.5
Apple Security Update: About the security content of macOS Monterey 12.7
Product: macOS Monterey
Version: 12.7
CVE: CVE-2023-40403
Component: Kernel
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
Apple
CVE-2023-40403: iOS 17 and iPadOS 17
vendor_apple·2023-09-18·CVSS 6.5
Apple Security Update: About the security content of iOS 17 and iPadOS 17
Product: iOS 17 and iPadOS
Version: 17
CVE: CVE-2023-40403
Component: Kernel
Impact: A remote user may be able to cause kernel code execution
Description: A type confusion issue was addressed with improved checks.
Apple
CVE-2023-40403: tvOS 17
vendor_apple·2023-09-18·CVSS 6.5
Apple Security Update: About the security content of tvOS 17
Product: tvOS
Version: 17
CVE: CVE-2023-40403
Component: Kernel
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with improved validation.
Apple
CVE-2023-40403: watchOS 10
vendor_apple·2023-09-18·CVSS 6.5
Apple Security Update: About the security content of watchOS 10
Product: watchOS
Version: 10
CVE: CVE-2023-40403
Component: Kernel
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with improved validation.
Debian
CVE-2023-40403: libxslt
vendor_debian·2023·CVSS 6.5
Scope: local
bookworm: resolved (fixed in 1.1.35-1+deb12u2)
bullseye: resolved (fixed in 1.1.34-4+deb11u3)
forky: resolved (fixed in 1.1.35-2)
sid: resolved (fixed in 1.1.35-2)
trixie: resolved (fixed in 1.1.35-1.2+deb13u1)
OSV
CVE-2023-40403: The issue was addressed with improved memory handling
osv·2023-09-27·CVSS 6.5
GHSA
GHSA-j822-w26r-9cxf: The issue was addressed with improved memory handling
ghsa_unreviewed·2023-09-27
No detection rules found.
No public exploits indexed.
References
- http://seclists.org/fulldisclosure/2023/Oct/3
- http://seclists.org/fulldisclosure/2023/Oct/4
- http://seclists.org/fulldisclosure/2023/Oct/5
- http://seclists.org/fulldisclosure/2023/Oct/6
- http://seclists.org/fulldisclosure/2023/Oct/8
- http://seclists.org/fulldisclosure/2023/Oct/9
- http://seclists.org/fulldisclosure/2023/Oct/10
- https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html
- https://support.apple.com/en-us/HT213927
- https://support.apple.com/en-us/HT213931
- https://support.apple.com/en-us/HT213932
- https://support.apple.com/en-us/HT213936
- https://support.apple.com/en-us/HT213937
- https://support.apple.com/en-us/HT213938
- https://support.apple.com/en-us/HT213940
- https://support.apple.com/kb/HT213931
- https://support.apple.com/kb/HT213932
- https://support.apple.com/kb/HT213936
- https://support.apple.com/kb/HT213937
- https://support.apple.com/kb/HT213938
- https://support.apple.com/kb/HT213940