What is the severity of CVE-2023-42956?

CVE-2023-42956 has been identified as a moderate severity vulnerability that may lead to a denial-of-service.

How do I fix CVE-2023-42956?

To fix CVE-2023-42956, upgrade WebKitGTK or WPE WebKit to version 2.44.0 or later.

What software is affected by CVE-2023-42956?

CVE-2023-42956 affects WebKitGTK and WPE WebKit versions before 2.44.0, along with related Apple products on specific versions.

What impact does CVE-2023-42956 have on users?

CVE-2023-42956 can result in denial-of-service conditions affecting the usability of the web content processed.

When was CVE-2023-42956 addressed?

CVE-2023-42956 was addressed with improved memory handling in releases after version 2.44.0 of WebKitGTK and WPE WebKit.

Vulnerability/
CVE-2023-42956

medium

6.5

CWE

20 362 416

11/12/2023

28/3/2024

12/11/2024

CVE-2023-42956: Input Validation

First published: Mon Dec 11 2023(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: product-security@apple.com Mickey Jin @patch1t an anonymous researcher Marc Newlin SkySafeKoh M. Nakagawa @tsunek0h CVE-2023-38545 CVE-2023-38039 CVE-2023-38546 Yann GASCUEL Alter SolutionsAnthony Cruz Tyrant Corp @App Wojciech Regula SecuRingZhenjiang Zhao Pangu TeamQianxin Junsung Lee Meysam Firouzi @R00tkitSMM Michael DePlante @izobashi Trend Micro Zero Day InitiativePan ZhenPeng @Peterpan0927 STAR Labs SG PteEloi Benoist-Vanderbeken @elvanderb SynacktivCVE-2023-42893 CVE-2023-3618 CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 Ron Masas BreakPointCsaba Fitzl @theevilbit OffSecCsaba Fitzl @theevilbit Offensive SecurityArsenii Kostromin (0x3c3e) Mattie Behrens Joshua Jewett @JoshJewett33 Zhongquan Li @Guluisacat Zhongquan Li @Guluisacat Dawn Security Lab of JingDongCVE-2023-5344 Pwn2car Zoom Offensive Security Team Nan Wang @eternalsakura13 360 Vulnerability Research Instituterushikesh nandedkar SungKwon Lee (Demon.Team) Noah Roskin-Frazee Pr Ivan Fratric Google Project Zero Trend Micro Zero Day InitiativeDon Clarke Kirin @Pwnrin Andrew Goldberg The McCombs School of BusinessThe University Texas at AustinChristopher Reynolds Aymane Chabat ARJUN S D

Affected Software	Affected Version	How to fix
ubuntu/webkit2gtk	<2.44.0-0ubuntu0.22.04.1	2.44.0-0ubuntu0.22.04.1
ubuntu/webkit2gtk	<2.44.0-0ubuntu0.23.10.1	2.44.0-0ubuntu0.23.10.1
ubuntu/webkit2gtk	<2.44.0	2.44.0
debian/webkit2gtk	<=2.36.4-1~deb10u1<=2.38.6-0+deb10u1<=2.42.2-1~deb11u1<=2.42.2-1~deb12u1	2.44.1-1~deb11u1 2.44.1-1~deb12u1 2.44.1-1
debian/wpewebkit	<=2.38.6-1~deb11u1<=2.38.6-1	2.44.1-1
redhat/WebKitGTK	<2.44.0	2.44.0
Apple macOS	<14.2	14.2
Safari	<17.2	17.2
Apple iOS and iPadOS	<17.2	17.2
Apple iOS, iPadOS, and macOS	<17.2	17.2
Safari	<17.2
Apple iOS, iPadOS, and macOS	<17.2
iPhone OS	<17.2
macOS	>=14.0<14.2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-42874
CVE-2023-42937
CVE-2023-42919
CVE-2023-42894
CVE-2023-42901
CVE-2023-42902
CVE-2023-42912
CVE-2023-42903
CVE-2023-42904
CVE-2023-42905
CVE-2023-42906
CVE-2023-42907
CVE-2023-42908
CVE-2023-42909
CVE-2023-42910
CVE-2023-42911
CVE-2023-42926
CVE-2023-42882
CVE-2023-42881
CVE-2023-42924
CVE-2023-42896
CVE-2023-42884
CVE-2023-45866
CVE-2023-42900
CVE-2023-42886
CVE-2023-38545
CVE-2023-38039
CVE-2023-38546
CVE-2023-42931
CVE-2023-42892
CVE-2023-42922
CVE-2023-42898
CVE-2023-42899
CVE-2023-42888
CVE-2023-42891
CVE-2023-42974
CVE-2023-42914
CVE-2023-42893
CVE-2023-3618
CVE-2020-19185
CVE-2020-19186
CVE-2020-19187
CVE-2020-19188
CVE-2020-19189
CVE-2020-19190
CVE-2023-42887
CVE-2023-42936
CVE-2023-40390
CVE-2023-42842
CVE-2023-42930
CVE-2023-42913
CVE-2023-42932
CVE-2023-42947
CVE-2023-40389
CVE-2023-5344
CVE-2023-42890
CVE-2023-42883
CVE-2023-42950
CVE-2023-42956
CVE-2023-42941
CVE-2023-42962
CVE-2023-42923
CVE-2023-42897

Frequently Asked Questions

What is the severity of CVE-2023-42956?
CVE-2023-42956 has been identified as a moderate severity vulnerability that may lead to a denial-of-service.
How do I fix CVE-2023-42956?
To fix CVE-2023-42956, upgrade WebKitGTK or WPE WebKit to version 2.44.0 or later.
What software is affected by CVE-2023-42956?
CVE-2023-42956 affects WebKitGTK and WPE WebKit versions before 2.44.0, along with related Apple products on specific versions.
What impact does CVE-2023-42956 have on users?
CVE-2023-42956 can result in denial-of-service conditions affecting the usability of the web content processed.
When was CVE-2023-42956 addressed?
CVE-2023-42956 was addressed with improved memory handling in releases after version 2.44.0 of WebKitGTK and WPE WebKit.

agent/first-publish-date
agent/type
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
collector/launchpad-cve
source/Launchpad
agent/event
collector/security-tracker-debian
source/Debian
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-42956
agent/last-modified-date
agent/severity
agent/trending
agent/source
collector/apple-support
source/Apple
agent/software-canonical-lookup-request
agent/weakness
alias/CVE-2023-42896
alias/CVE-2023-42884
alias/CVE-2023-45866
alias/CVE-2023-42900
alias/CVE-2023-42886
alias/CVE-2023-38545
alias/CVE-2023-38039
alias/CVE-2023-38546
alias/CVE-2023-42931
alias/CVE-2023-42892
alias/CVE-2023-42922
alias/CVE-2023-42898
alias/CVE-2023-42899
alias/CVE-2023-42888
alias/CVE-2023-42891
alias/CVE-2023-42974
alias/CVE-2023-42914
alias/CVE-2023-42893
alias/CVE-2023-3618
alias/CVE-2020-19185
alias/CVE-2020-19186
alias/CVE-2020-19187
alias/CVE-2020-19188
alias/CVE-2020-19189
alias/CVE-2020-19190
alias/CVE-2023-42887
alias/CVE-2023-42936
alias/CVE-2023-40390
alias/CVE-2023-42842
alias/CVE-2023-42930
alias/CVE-2023-42913
alias/CVE-2023-42932
alias/CVE-2023-42947
alias/CVE-2023-40389
alias/CVE-2023-5344
alias/CVE-2023-42890
alias/CVE-2023-42883
alias/CVE-2023-42950
alias/CVE-2023-42901
alias/CVE-2023-42902
alias/CVE-2023-42912
alias/CVE-2023-42903
alias/CVE-2023-42904
alias/CVE-2023-42905
alias/CVE-2023-42906
alias/CVE-2023-42907
alias/CVE-2023-42908
alias/CVE-2023-42909
alias/CVE-2023-42910
alias/CVE-2023-42911
alias/CVE-2023-42926
alias/CVE-2023-42882
alias/CVE-2023-42881
alias/CVE-2023-42924
alias/CVE-2023-42937
alias/CVE-2023-42919
alias/CVE-2023-42894
agent/references
agent/author
agent/description
agent/tags
agent/softwarecombine
alias/CVE-2023-42941
alias/CVE-2023-42962
alias/CVE-2023-42923
alias/CVE-2023-42897
collector/nvd-api
source/NVD
collector/nvd-cve
package-manager/ubuntu
package-manager/debian
package-manager/redhat
vendor/apple
canonical/apple macos
canonical/safari
canonical/apple ios and ipados
canonical/apple ios, ipados, and macos
canonical/iphone os
canonical/macos
version/macos/14.0