CVE-2023-40449

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Уязвимость DoS атаки в iOS, iPadOS и macOS из-за проблем с обработкой памяти

Описание

Проблема решена путем улучшения обработки памяти. Приложение способно вызвать DoS атаку.

Затронутые версии ПО

iOS < 17.1
iPadOS < 17.1
macOS Monterey < 12.7.1
iOS < 16.7.2
iPadOS < 16.7.2
macOS Ventura < 13.6.1
macOS Sonoma < 14.1

Тип уязвимости

DoS атака

Ссылки

http://seclists.org/fulldisclosure/2023/Oct/19
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/21
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/23
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/24
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/26
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT213981
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213982
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213983
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213984
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213985
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213981
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213982
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213983
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213984
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213985
Release Notes
Vendor Advisory
http://seclists.org/fulldisclosure/2023/Oct/19
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/21
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/23
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/24
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/26
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 16.7.2 (исключая)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.1 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 16.7.2 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.1 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.7.1 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.6.1 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.1 (исключая)

EPSS

Процентиль: 5%

0.00025

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-119

Связанные уязвимости

GHSA-22x6-c42f-8q7h

CVSS3: 5.5

github

почти 2 года назад

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.

BDU:2024-00554

CVSS3: 5.5

fstec

почти 2 года назад

Уязвимость компонента CoreAnimation операционных систем iOS, macOS, iPadOS , позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 5%

0.00025

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-119