ID
VAR-202301-1714
CVE
CVE-2023-23513
TITLE
apple's macOS Classic buffer overflow vulnerability in
Trust: 0.8
DESCRIPTION
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. apple's macOS Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Information about the security content is also available at https://support.apple.com/HT213603. AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog) curl Available for: macOS Big Sur Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.85.0. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos PackageKit Available for: macOS Big Sur Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t) Screen Time Available for: macOS Big Sur Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog) WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE Windows Installer Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t) macOS Big Sur 11.7.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke NxmcTxAA5RgSSuSbRaEzLzDYMXICkEWJLRFDxirCePXlty57qxD+Edl/f7rZhvxx nt5f0TTSVV2D4j+bb1MC/qFgINJ2SV31UY3nQXg+k85QeCyjEMXQDgIk5QBJd40E gcPXFOQULvHJAhyKAvNexGqyRTUk4GqifPZNwXFxKC/tsPahr/Bh6OP+l7CkhG7Y XiDuKLpL7ssAMl6sf7Lg5H114P/6pPwKM949mYzUz+0CH6uXQ7oWSx/KirbR3HD8 W3FQY/iS3hzG6EALUbFWKjxXPHRv/59TQElizLVqfxLQCjSokxyDiW5OehMeefQs 8dFDCMbpbQFC0RBVFVCS3fzhCNu24LfihyUmz9//Azguv3HJhbuZ/kz70JhsLW9F 6mGlbXA/w2rAWXpJ2fRsHSqpZw9jiX1FlfUH+h3T8cmtnfZDduV0AEvCIK8Zp/nq S6+sZ3i5VtQyUGZc3FKTQVTeMPrXhyLCXlfiCXMfo04P11AJNxOqSHgBH43N8pNp drRKydDb+u8QpxUzuaxbyn2dgoEaxwRke6jspkPFPZ/ipj8eNLIn2FqQx8CGXCDL 2k/+/a4M/zsGcr39kuGjcXNba6YbXnA8HwWqmKeMwQ+3VTMwf6C2x0h6OBQGIGcv MyrKHkVVE9KyPk9AULiw4BJYX7MMBmSbpf2OEDP3d06d6e1ljv8= =hYz5 -----END PGP SIGNATURE-----
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | apple | model: | macos | scope: | gte | version: | 12.0 | Trust: 1.0 |
| vendor: | apple | model: | macos | scope: | lt | version: | 12.6.3 | Trust: 1.0 |
| vendor: | apple | model: | macos | scope: | lt | version: | 13.2 | Trust: 1.0 |
| vendor: | apple | model: | macos | scope: | lt | version: | 11.7.3 | Trust: 1.0 |
| vendor: | apple | model: | macos | scope: | gte | version: | 13.0 | Trust: 1.0 |
| vendor: | アップル | model: | macos | scope: | eq | version: | 11.7.3 | Trust: 0.8 |
| vendor: | アップル | model: | macos | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | アップル | model: | macos | scope: | eq | version: | 13.0 that's all 13.2 | Trust: 0.8 |
| vendor: | アップル | model: | macos | scope: | eq | version: | 12.0 that's all 12.6.3 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.1 |
| problemtype: | Classic buffer overflow (CWE-120) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation error
Trust: 0.6
PATCH
| title: | HT213604 Apple Security update | url: | https://support.apple.com/en-us/HT213603 | Trust: 0.8 |
| title: | Apple macOS Enter the fix for the verification error vulnerability | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=246395 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-23513 | Trust: 3.5 |
| db: | JVNDB | id: | JVNDB-2023-004733 | Trust: 0.8 |
| db: | PACKETSTORM | id: | 170698 | Trust: 0.7 |
| db: | TALOS | id: | TALOS-2022-1660 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202301-1768 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-451824 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2023-23513 | Trust: 0.1 |
REFERENCES
| url: | https://support.apple.com/en-us/ht213605 | Trust: 2.4 |
| url: | https://support.apple.com/en-us/ht213603 | Trust: 1.8 |
| url: | https://support.apple.com/en-us/ht213604 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23513 | Trust: 0.9 |
| url: | https://talosintelligence.com/vulnerability_reports/talos-2022-1660 | Trust: 0.6 |
| url: | https://packetstormsecurity.com/files/170698/apple-security-advisory-2023-01-23-6.html | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2023-23513/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23518 | Trust: 0.1 |
| url: | https://support.apple.com/downloads/ | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-35252 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23497 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23505 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23508 | Trust: 0.1 |
| url: | https://support.apple.com/ht213603. | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23499 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-23517 | Trust: 0.1 |
| url: | https://www.apple.com/support/security/pgp/ | Trust: 0.1 |
| url: | https://support.apple.com/en-us/ht201222. | Trust: 0.1 |
CREDITS
Discovered by Aleksandar Nikolic and Dimitrios Tatsis of Cisco Talos.
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-451824 |
| db: | VULMON | id: | CVE-2023-23513 |
| db: | JVNDB | id: | JVNDB-2023-004733 |
| db: | PACKETSTORM | id: | 170698 |
| db: | CNNVD | id: | CNNVD-202301-1768 |
| db: | NVD | id: | CVE-2023-23513 |
LAST UPDATE DATE
2024-08-14T12:38:22.750000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-451824 | date: | 2023-03-08T00:00:00 |
| db: | VULMON | id: | CVE-2023-23513 | date: | 2023-02-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-004733 | date: | 2023-11-01T06:27:00 |
| db: | CNNVD | id: | CNNVD-202301-1768 | date: | 2023-07-18T00:00:00 |
| db: | NVD | id: | CVE-2023-23513 | date: | 2024-08-01T18:35:02.847 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-451824 | date: | 2023-02-27T00:00:00 |
| db: | VULMON | id: | CVE-2023-23513 | date: | 2023-02-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-004733 | date: | 2023-11-01T00:00:00 |
| db: | PACKETSTORM | id: | 170698 | date: | 2023-01-24T16:41:28 |
| db: | CNNVD | id: | CNNVD-202301-1768 | date: | 2023-01-23T00:00:00 |
| db: | NVD | id: | CVE-2023-23513 | date: | 2023-02-27T20:15:14.200 |