ID

VAR-202301-1714


CVE

CVE-2023-23513


TITLE

apple's  macOS  Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004733

DESCRIPTION

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. apple's macOS Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Information about the security content is also available at https://support.apple.com/HT213603. AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog) curl Available for: macOS Big Sur Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.85.0. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos PackageKit Available for: macOS Big Sur Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t) Screen Time Available for: macOS Big Sur Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog) WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE Windows Installer Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t) macOS Big Sur 11.7.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke NxmcTxAA5RgSSuSbRaEzLzDYMXICkEWJLRFDxirCePXlty57qxD+Edl/f7rZhvxx nt5f0TTSVV2D4j+bb1MC/qFgINJ2SV31UY3nQXg+k85QeCyjEMXQDgIk5QBJd40E gcPXFOQULvHJAhyKAvNexGqyRTUk4GqifPZNwXFxKC/tsPahr/Bh6OP+l7CkhG7Y XiDuKLpL7ssAMl6sf7Lg5H114P/6pPwKM949mYzUz+0CH6uXQ7oWSx/KirbR3HD8 W3FQY/iS3hzG6EALUbFWKjxXPHRv/59TQElizLVqfxLQCjSokxyDiW5OehMeefQs 8dFDCMbpbQFC0RBVFVCS3fzhCNu24LfihyUmz9//Azguv3HJhbuZ/kz70JhsLW9F 6mGlbXA/w2rAWXpJ2fRsHSqpZw9jiX1FlfUH+h3T8cmtnfZDduV0AEvCIK8Zp/nq S6+sZ3i5VtQyUGZc3FKTQVTeMPrXhyLCXlfiCXMfo04P11AJNxOqSHgBH43N8pNp drRKydDb+u8QpxUzuaxbyn2dgoEaxwRke6jspkPFPZ/ipj8eNLIn2FqQx8CGXCDL 2k/+/a4M/zsGcr39kuGjcXNba6YbXnA8HwWqmKeMwQ+3VTMwf6C2x0h6OBQGIGcv MyrKHkVVE9KyPk9AULiw4BJYX7MMBmSbpf2OEDP3d06d6e1ljv8= =hYz5 -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2023-23513 // JVNDB: JVNDB-2023-004733 // VULHUB: VHN-451824 // VULMON: CVE-2023-23513 // PACKETSTORM: 170698

AFFECTED PRODUCTS

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.2

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7.3

Trust: 1.0

vendor:applemodel:macosscope:gteversion:13.0

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:11.7.3

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:13.0 that's all 13.2

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:12.0 that's all 12.6.3

Trust: 0.8

sources: JVNDB: JVNDB-2023-004733 // NVD: CVE-2023-23513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-23513
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-23513
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-23513
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202301-1768
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2023-23513
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-23513
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004733 // CNNVD: CNNVD-202301-1768 // NVD: CVE-2023-23513 // NVD: CVE-2023-23513

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.1

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-451824 // JVNDB: JVNDB-2023-004733 // NVD: CVE-2023-23513

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1768

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-1768

PATCH

title:HT213604 Apple  Security updateurl:https://support.apple.com/en-us/HT213603

Trust: 0.8

title:Apple macOS Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=246395

Trust: 0.6

sources: JVNDB: JVNDB-2023-004733 // CNNVD: CNNVD-202301-1768

EXTERNAL IDS

db:NVDid:CVE-2023-23513

Trust: 3.5

db:JVNDBid:JVNDB-2023-004733

Trust: 0.8

db:PACKETSTORMid:170698

Trust: 0.7

db:TALOSid:TALOS-2022-1660

Trust: 0.6

db:CNNVDid:CNNVD-202301-1768

Trust: 0.6

db:VULHUBid:VHN-451824

Trust: 0.1

db:VULMONid:CVE-2023-23513

Trust: 0.1

sources: VULHUB: VHN-451824 // VULMON: CVE-2023-23513 // JVNDB: JVNDB-2023-004733 // PACKETSTORM: 170698 // CNNVD: CNNVD-202301-1768 // NVD: CVE-2023-23513

REFERENCES

url:https://support.apple.com/en-us/ht213605

Trust: 2.4

url:https://support.apple.com/en-us/ht213603

Trust: 1.8

url:https://support.apple.com/en-us/ht213604

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-23513

Trust: 0.9

url:https://talosintelligence.com/vulnerability_reports/talos-2022-1660

Trust: 0.6

url:https://packetstormsecurity.com/files/170698/apple-security-advisory-2023-01-23-6.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-23513/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23518

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23508

Trust: 0.1

url:https://support.apple.com/ht213603.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23517

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-451824 // VULMON: CVE-2023-23513 // JVNDB: JVNDB-2023-004733 // PACKETSTORM: 170698 // CNNVD: CNNVD-202301-1768 // NVD: CVE-2023-23513

CREDITS

Discovered by Aleksandar Nikolic and Dimitrios Tatsis of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202301-1768

SOURCES

db:VULHUBid:VHN-451824
db:VULMONid:CVE-2023-23513
db:JVNDBid:JVNDB-2023-004733
db:PACKETSTORMid:170698
db:CNNVDid:CNNVD-202301-1768
db:NVDid:CVE-2023-23513

LAST UPDATE DATE

2024-08-14T12:38:22.750000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-451824date:2023-03-08T00:00:00
db:VULMONid:CVE-2023-23513date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2023-004733date:2023-11-01T06:27:00
db:CNNVDid:CNNVD-202301-1768date:2023-07-18T00:00:00
db:NVDid:CVE-2023-23513date:2024-08-01T18:35:02.847

SOURCES RELEASE DATE

db:VULHUBid:VHN-451824date:2023-02-27T00:00:00
db:VULMONid:CVE-2023-23513date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2023-004733date:2023-11-01T00:00:00
db:PACKETSTORMid:170698date:2023-01-24T16:41:28
db:CNNVDid:CNNVD-202301-1768date:2023-01-23T00:00:00
db:NVDid:CVE-2023-23513date:2023-02-27T20:15:14.200