CVE-2023-42956
Published: March 27, 2024Last modified: November 6, 2024
Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Liberica JDK | 8 | jdk-full | Fixed (8u432+7) |
| jre-full | Fixed (8u432+7) | ||
| 11 | jdk-full | Fixed (11.0.25+11) | |
| jre-full | Fixed (11.0.25+11) | ||
| 17 | jdk-full | Fixed (17.0.13+12) | |
| jre-full | Fixed (17.0.13+12) | ||
| 21 | jdk-full | Fixed (21.0.5+11) | |
| jre-full | Fixed (21.0.5+11) | ||
| 23 | jdk-full | Fixed (23.0.1+13) | |
| jre-full | Fixed (23.0.1+13) | ||
| Liberica NIK | 23 (JDK 17) | full | Fixed (23.0.6+1) |
| 23 (JDK 21) | full | Fixed (23.1.5+1) | |
| 24 (JDK 23) | full | Fixed (24.1.1+1) |
References
- http://www.openwall.com/lists/oss-security/2024/03/26/1
- https://lists.fedoraproject.org/archives/list/[email protected]/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
- https://support.apple.com/en-us/HT214035
- https://support.apple.com/en-us/HT214036
- https://support.apple.com/en-us/HT214039
- https://support.apple.com/kb/HT214039