CVE-2023-42938Protection Mechanism Failure in Apple Itunes FOR Windows

CWE-693Protection Mechanism FailureCWE-416Use After Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 86.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Itunes FOR WindowsApple Itunes
Timeline
PublishedMar 14
Latest updateMay 2

Description

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5apple/itunes_for_windowsunspecified12.13
NVDapple/itunes< 12.13.1

🔴Vulnerability Details

2
GHSA
GHSA-chrr-r69v-42vf: A logic issue was addressed with improved checks2024-03-14
CVEList
CVE-2023-42938: A logic issue was addressed with improved checks2024-03-14

📋Vendor Advisories

2
Red Hat
kernel: loop: Fix use-after-free issues2025-05-02
Apple
CVE-2023-42938: iTunes 12.13.1 for Windows2023-12-14
CVE-2023-42938 — Protection Mechanism Failure in Apple | cvebase