← Retour aux CVEs

CVE-2023-28204

MEDIUMCISA KEV

6.5

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Details CVE

Score CVSS v3.16.5

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie6/23/2023

Derniere modification10/23/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurApple

ProduitMultiple Products

Nom vulnerabiliteApple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Date ajout KEV2023-05-22

Date limite remediation2023-06-12

Utilise dans ransomwareUnknown

Produits affectes

apple:ipadosapple:iphone_osapple:macosapple:safariapple:tvosapple:watchoswebkitgtk:webkitgtk\+

Faiblesses (CWE)

CWE-125CWE-125

References

https://security.gentoo.org/glsa/202401-04(product-security@apple.com)

https://support.apple.com/en-us/HT213757(product-security@apple.com)

https://support.apple.com/en-us/HT213758(product-security@apple.com)

https://support.apple.com/en-us/HT213761(product-security@apple.com)

https://support.apple.com/en-us/HT213762(product-security@apple.com)

https://support.apple.com/en-us/HT213764(product-security@apple.com)

https://support.apple.com/en-us/HT213765(product-security@apple.com)

https://security.gentoo.org/glsa/202401-04(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213757(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213758(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213761(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213762(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213764(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT213765(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28204(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.