CVE-2023-40397: Buffer Overflow
Published Jul 24, 2023
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
Nick Brook, Kirin (@Pwnrin), pattern-f (@pattern_F_) (Ant Security Light), Mohamed GHANNAM (@_simo36), Wojciech Regula (SecuRing), Kirin (@Pwnrin) (SecuRing), (SecuRing), found by OSS-Fuzz, Zweig (Kunlun Lab), 香农的三蹦子 (Pangu Lab), an anonymous researcher, Pan ZhenPeng (@Peterpan0927) (STAR Labs SG Pte), Peter Nguyễn Vũ Hoàng (@peternguyen14) (STAR Labs SG Pte), Certik Skyfall Team, Valentin Pashkov (Kaspersky), Mikhail Vinogradov (Kaspersky), Georgy Kucherin (@kucher1n) (Kaspersky), Leonid Bezvershenko (@bzvr_) (Kaspersky), (Kaspersky), Boris Larin (@oct0xor) (Kaspersky), Kaitao Xie (Alibaba Group), Xiaolong Bai (Alibaba Group), Certik Skyfall Team (Ant Security Light), Sei K., Zhipeng Huo (@R3dF09) (Tencent Security Xuanwu Lab), Noah Roskin-Frazee, Thijs Alkemade (Computest Sector 7), Adam M., Johan Carlsson (joaxcar), Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin, Yuval Yarom, Narendra Bhati (twitter.com/imnarendrabhati) (Suma Soft Pvt), Pune - India (TU Wien), Valentino Dalla Valle (TU Wien), Pedro Bernardo (TU Wien), Marco Squarcina (TU Wien), (TU Wien), Lorenzo Veronese (TU Wien), Pune - India, Yuhao Hu, Jiming Wang, Jikai Ren, Anonymous (Trend Micro Zero Day Initiative), Francisco Alonso (@revskills), Junsung Lee, 이준성 (Junsung Lee) (Cross Republic), Apple, YeongHyeon Choi (@hyeon101010), Mickey Jin (@patch1t), Gergely Kalman (@gergely_kalman), Erhad Husovic, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, Bool (YunShangHuaAn), Arsenii Kostromin (0x3c3e), Taavi Eomäe (Zone Media O), Mickey Jin (@patch1t) (Trend Micro Zero Day Initiative), (Trend Micro Zero Day Initiative), Michael DePlante (@izobashi) (Trend Micro Zero Day Initiative), CVE-2023-1916, Jonathan Bar Or (Microsoft), Emanuele Cozzi (Microsoft), (Microsoft), Michael Pearse (Microsoft), Csaba Fitzl (@theevilbit) (Offensive Security), Sandipan Roy, James Duffy (mangoSecure), Michael Cowell, David Hoyt (Hoyt LLC), Wenchao Li (Hangzhou Orange Shield Information Technology Co), Xiaolong Bai (Hangzhou Orange Shield Information Technology Co), Ltd., CVE-2023-1801, Matthew Loewen, CVE-2023-2426, CVE-2023-2609, CVE-2023-2610, Yiğit Can YILMAZ (@yilmazcanyigit), Pr, Yishu Wang, ABC Research s.r.o.
Affected Software
6 affected components · Fixes available
Apple macOS Ventura < 13.5 (fix: 13.5)
Apple macOS < 13.5
WebKitGTK WebKitGTK < 2.40.5
wpewebkit WPE WebKit < 2.40.5
Apple iOS < 16.6 (fix: 16.6)
Apple iPadOS < 16.6 (fix: 16.6)
Event History
Jul 24, 2023
Data Sourced via Apple · 12:00 AM: Description, Weakness, Affected Software
Updated via Apple · 12:00 AM: Description
Updated via Apple · 12:00 AM: Description, Weakness
Updated via Apple · 12:00 AM: Description, Weakness, Affected Software
Updated via Apple · 12:00 AM: Description, Affected Software
Sep 6, 2023
CVE Published via MITRE · 08:48 PM
Data Sourced via MITRE · 08:48 PM: Description, Weakness
Sep 14, 2023
Data Sourced via Red Hat · 02:02 PM: Description, Severity, Affected Software
Frequently Asked Questions
1. What is the vulnerability ID?
The vulnerability ID is CVE-2023-40397.
2. What is the severity of CVE-2023-40397?
The severity of CVE-2023-40397 is critical, with a severity value of 9.8.
3. How was CVE-2023-40397 addressed?
CVE-2023-40397 was addressed with improved checks in macOS Ventura 13.5.
4. What is the affected software for CVE-2023-40397?
The affected software for CVE-2023-40397 is Apple macOS Ventura up to version 13.5.
5. Is there a reference link available for CVE-2023-40397?
Yes, you can find a reference link for CVE-2023-40397 [here](https://support.apple.com/en-us/HT213843) and [here](http://www.openwall.com/lists/oss-security/2023/09/11/1).