CVE-2023-27956: Buffer Overflow
Published Mar 27, 2023
·Updated
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
Ye Zhang(Baidu Security), Ye Zhang@@VAR10CK(Baidu Security), Adam M., an anonymous researcher, Jubaer Alnazi(TRS Group of Companies), Csaba Fitzl@@theevilbit(Offensive Security), ryuzaki, Meysam Firouzi@@R00tkitSMM(Mbition Mercedes), jzhu(Trend Micro Zero Day Initiative), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Pan ZhenPeng(STAR Labs SG Pte), Zechao Cai@@Zech4o(Zhejiang University), Adam Doupé(ASU SEFCOM), sqrtpwn, Félix Poulin-Bélanger, David Pan Ogea, an anonymous researcher(Red Canary), Brandon Dalton@@partyD0lphin(Red Canary), Milan Tenk(F), (F), Arthur Valiev(F), Mickey Jin@@patch1t, Zweig(Kunlun Lab), Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College Of Technology Bhopal), Zhuowei Zhang, developStorm, Anton Spivak, Yiğit Can YILMAZ@@yilmazcanyigit, Jubaer Alnazi Jabin(TRS Group Of Companies), (Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Xin Huang@@11iaxH, Gertjan Franken(imec), KU Leuven, hazbinhotel(Trend Micro Zero Day Initiative), Hyeon Park@@tree_segment(Team ApplePIE), Georgy Kucherin@@kucher1n(Kaspersky), Leonid Bezvershenko@@bzvr_(Kaspersky), Boris Larin@@oct0xor(Kaspersky), (Kaspersky), Valentin Pashkov(Kaspersky), Anonymous(Trend Micro Zero Day Initiative), Dohyun Lee@@l33d0hyun(SSD Labs), crixer@@pwning_me(SSD Labs), Tingting Yin(Tsinghua University), Itay Iellin(General Motors Product Cyber Security), Etienne Charron(Renault), Khadim Dieng(Renault), JeongOhKyea, Jianjun Dai(360 Vulnerability Research Institute), Guang Gong(360 Vulnerability Research Institute), Mohamed GHANNAM@@_simo36, Mohamed GHANNAM, Mohamed Ghannam@@_simo36, Rıza Sabuncu@@rizasabuncu, Aleksandar Nikolic(Cisco Talos), Mikko Kenttälä )@@Turmio_(SensorFu), Joshua Jones, Murray Mike, Arsenii Kostromin (0x3c3e), Xinru Chi(Pangu Lab), Ned Williamson(Google Project Zero), Khiem Tran, Mickey Jin@@patch1t(FFRI Security Inc), Koh M. Nakagawa(FFRI Security Inc), (Offensive Security), Masahiro Kawada@@kawakatz(GMO Cybersecurity by Ierae), Guilherme Rambo(Best Buddy Apps), CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, ABC Research s.r.o., Wojciech Reguła@@_r3ggi(SecuRing), Chan Shue Long(Offensive Security), Junoh Lee at Theori, CVE-2022-43551, CVE-2022-43552
Affected Software
16 affected componentsFixes available
Apple tvOS<16.4
16.4
Apple WatchOS<9.4
9.4
Apple macOS Ventura<13.3
13.3
Apple Ipad Os<15.7.4
Apple Ipad Os>=16.0<16.4
Apple iPhone OS<15.7.4
Apple iPhone OS>=16.0<16.4
Apple macOS>=13.0<13.3
Apple tvOS<16.4
Apple WatchOS<9.4
Apple iOS<16.4
16.4
Apple iPadOS<16.4
16.4
Apple iOS<15.7.4
15.7.4
Apple iPadOS<15.7.4
15.7.4
Apple iPadOS<15.7.4
Apple iPadOS>=16.0<16.4
Event History
Mar 27, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
May 8, 2023
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionWeakness
Data Sourced
08:15 PM
Description
Frequently Asked Questions
1
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-27956.
2
What is the severity of CVE-2023-27956?
The severity of CVE-2023-27956 is medium, with a severity value of 5.5.
3
What software versions are affected by CVE-2023-27956?
CVE-2023-27956 affects watchOS 9.4, tvOS up to 16.4, iOS up to 15.7.4, and macOS Ventura up to 13.3.
4
How can I fix CVE-2023-27956?
To fix CVE-2023-27956, update your software to macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, or watchOS 9.4.
5
What could happen if a maliciously crafted image is processed?
Processing a maliciously crafted image may result in the disclosure of process memory.