CVE-2023-41983: Buffer Overflow
First published: Wed Oct 25 2023(Updated: )
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/webkit2gtk | <=2.36.4-1~deb10u1<=2.38.6-0+deb10u1<=2.40.5-1~deb11u1 | 2.42.4-1~deb11u1 2.42.2-1~deb12u1 2.42.4-1~deb12u1 2.42.4-1 |
| debian/wpewebkit | <=2.38.6-1~deb11u1<=2.38.6-1 | 2.42.4-1 |
| Apple iOS | <16.7.2 | 16.7.2 |
| Apple iPadOS | <16.7.2 | 16.7.2 |
| Apple Safari | <17.1 | 17.1 |
| Apple iOS | <17.1 | 17.1 |
| Apple iPadOS | <17.1 | 17.1 |
| Apple macOS Sonoma | <14.1 | 14.1 |
| Apple Safari | <17.1 | |
| Apple iPadOS | <16.7.2 | |
| Apple iPadOS | >=17.0<17.1 | |
| Apple iPhone OS | <16.7.2 | |
| Apple iPhone OS | >=17.0<17.1 | |
| Apple macOS | >=14.0<14.1 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://webkitgtk.org/security/WSA-2023-0010.html
- https://security-tracker.debian.org/tracker/CVE-2023-41983
- https://support.apple.com/en-us/HT213981 (Advisory)
- https://support.apple.com/en-us/HT213986 (Advisory)
- https://support.apple.com/en-us/HT213984 (Advisory)
- https://support.apple.com/en-us/HT213982 (Advisory)
- https://support.apple.com/kb/HT213984
- http://seclists.org/fulldisclosure/2023/Oct/23
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/27
- http://seclists.org/fulldisclosure/2023/Oct/24
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/
- http://www.openwall.com/lists/oss-security/2023/11/15/1
- https://www.debian.org/security/2023/dsa-5557
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/
- https://security.gentoo.org/glsa/202401-33
- https://support.apple.com/kb/HT213986
- https://support.apple.com/kb/HT213982
- https://support.apple.com/kb/HT213981
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40447
- CVE-2023-41976
- CVE-2023-42852
- CVE-2023-42843
- CVE-2023-41983
- CVE-2023-30774
- CVE-2023-40444
- CVE-2023-42952
- CVE-2023-42945
- CVE-2023-41072
- CVE-2023-42857
- CVE-2023-40449
- CVE-2023-42823
- CVE-2023-41989
- CVE-2023-42854
- CVE-2023-40413
- CVE-2023-42834
- CVE-2023-42844
- CVE-2023-42953
- CVE-2023-40416
- CVE-2023-42848
- CVE-2023-40423
- CVE-2023-38403
- CVE-2023-42849
- CVE-2023-42850
- CVE-2023-40446
- CVE-2023-42942
- CVE-2023-42861
- CVE-2023-42935
- CVE-2023-40408
- CVE-2023-40405
- CVE-2023-28826
- CVE-2023-42856
- CVE-2023-40404
- CVE-2023-42859
- CVE-2023-42877
- CVE-2023-42840
- CVE-2023-42853
- CVE-2023-42860
- CVE-2023-42889
- CVE-2023-42847
- CVE-2023-42845
- CVE-2023-42841
- CVE-2023-42873
- CVE-2023-42838
- CVE-2023-42835
- CVE-2023-41977
- CVE-2023-42438
- CVE-2023-42836
- CVE-2023-42839
- CVE-2023-42878
- CVE-2023-41982
- CVE-2023-41997
- CVE-2023-41988
- CVE-2023-42946
- CVE-2023-36191
- CVE-2023-40421
- CVE-2023-42842
- CVE-2023-4733
- CVE-2023-4734
- CVE-2023-4735
- CVE-2023-4736
- CVE-2023-4738
- CVE-2023-4750
- CVE-2023-4751
- CVE-2023-4752
- CVE-2023-4781
- CVE-2023-41254
- CVE-2023-41975
- CVE-2023-42858
- CVE-2023-42928
- CVE-2023-42846
- CVE-2023-42951
- CVE-2023-42855
- CVE-2023-40445
- CVE-2023-42939
- CVE-2023-32359
Frequently Asked Questions
What is CVE-2023-41983?
CVE-2023-41983 is a vulnerability in the WebKit process model that could lead to a denial-of-service.
Which versions of macOS are affected by CVE-2023-41983?
The vulnerability affects macOS Sonoma up to version 14.1.
Which versions of Safari are affected by CVE-2023-41983?
Safari versions up to 17.1 are affected by this vulnerability.
Which versions of iOS are affected by CVE-2023-41983?
iOS versions up to 16.7.2 and 17.1 are affected by this vulnerability.
What is the remedy for CVE-2023-41983?
The vulnerability is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1.
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/event
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- package-manager/debian
- vendor/apple
- canonical/apple safari
- canonical/apple macos sonoma
- canonical/apple ios
- canonical/apple ipados
- version/apple ipados/17.0
- canonical/apple iphone os
- version/apple iphone os/17.0
- canonical/apple macos
- version/apple macos/14.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- version/fedoraproject fedora/39
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0
- version/debian debian linux/12.0