What is CVE-2023-40307?

CVE-2023-40307 is a vulnerability that allows an attacker with standard privileges on macOS to cause a buffer overflow resulting in a crash of the application and potential data exposure or modification.

How does the CVE-2023-40307 vulnerability affect macOS?

The CVE-2023-40307 vulnerability affects macOS by allowing an attacker with standard privileges to request administrator privileges from an application and submit input that causes a buffer overflow, leading to a crash of the application and potential data exposure or modification.

What is the severity of CVE-2023-40307?

The severity of CVE-2023-40307 is rated as high, with a severity value of 7.8.

How can I fix the CVE-2023-40307 vulnerability?

To fix the CVE-2023-40307 vulnerability, it is recommended to update the affected software to version 1.5.5 or later. Please refer to the vendor's website or security advisory for specific mitigation steps.

Where can I find more information about the CVE-2023-40307 vulnerability?

More information about the CVE-2023-40307 vulnerability can be found in the advisory published on the GitHub page of SAP macOS Enterprise Privileges.

Vulnerability/
CVE-2023-40307

high

7.8

CWE

787 119

28/9/2023

23/9/2024

CVE-2023-40307: Privileges Memory Corruption (Out-of-bound write)

First published: Thu Sep 28 2023(Updated: )

An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.

Credit: cna@sap.com cna@sap.com

Affected Software	Affected Version	How to fix
Sap Privileges	<1.5.4

Never miss a vulnerability like this again

Reference Links

https://github.com/SAP/macOS-enterprise-privileges/security/advisories/GHSA-rgq4-wxpj-5jv9

Frequently Asked Questions

What is CVE-2023-40307?
CVE-2023-40307 is a vulnerability that allows an attacker with standard privileges on macOS to cause a buffer overflow resulting in a crash of the application and potential data exposure or modification.
How does the CVE-2023-40307 vulnerability affect macOS?
The CVE-2023-40307 vulnerability affects macOS by allowing an attacker with standard privileges to request administrator privileges from an application and submit input that causes a buffer overflow, leading to a crash of the application and potential data exposure or modification.
What is the severity of CVE-2023-40307?
The severity of CVE-2023-40307 is rated as high, with a severity value of 7.8.
How can I fix the CVE-2023-40307 vulnerability?
To fix the CVE-2023-40307 vulnerability, it is recommended to update the affected software to version 1.5.5 or later. Please refer to the vendor's website or security advisory for specific mitigation steps.
Where can I find more information about the CVE-2023-40307 vulnerability?
More information about the CVE-2023-40307 vulnerability can be found in the advisory published on the GitHub page of SAP macOS Enterprise Privileges.

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/references
agent/severity
agent/title
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/sap
canonical/sap privileges

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.