Bug 2253054 (CVE-2023-42916) - CVE-2023-42916 webkitgtk: Out-of-bounds read leads to sensitive data leak
Summary: CVE-2023-42916 webkitgtk: Out-of-bounds read leads to sensitive data leak
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-42916
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2253055
Blocks: 2253040
 
Reported: 2023-12-05 19:33 UTC by Marco Benatto
Modified: 2025-07-07 02:27 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-12-05 19:51:42 UTC
Embargoed:


Links
System: Red Hat Product Errata
ID: RHSA-2025:10364
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: 2025-07-07 02:27:10 UTC

Description Marco Benatto 2023-12-05 19:33:48 UTC
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

References:
https://webkitgtk.org/security/WSA-2023-0011.html
http://www.openwall.com/lists/oss-security/2023/12/05/1
https://support.apple.com/en-us/HT214031
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214033

Comment 1 Marco Benatto 2023-12-05 19:37:29 UTC
Created webkitgtk tracking bugs for this issue:

Affects: fedora-all [bug 2253055]

Comment 2 errata-xmlrpc 2025-07-07 02:27:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364

