Skip to main content

macOS CVE-2023-42982

MEDIUM
Out-of-bounds Read (CWE-125)
2025-04-11 product-security@apple.com
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:36 vuln.today
CVE Published
Apr 11, 2025 - 15:15 nvd
MEDIUM 6.4

DescriptionCVE.org

Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.

AnalysisAI

Processing a file may lead to a denial-of-service or potentially disclose memory contents. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks. Affected products include: Apple Macos.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in macOS

View all
CVE-2025-34089 CRITICAL POC
9.3 Jul 03

An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope

CVE-2023-43000 HIGH POC
8.8 Nov 05

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability

CVE-2026-20700 HIGH POC
7.8 Feb 11

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2022-48618 HIGH
7.0 Jan 09

The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)

CVE-2024-27822 HIGH POC
7.8 May 14

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authent

CVE-2023-22809 HIGH POC
7.8 Jan 18

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen

CVE-2022-46689 HIGH POC
7.0 Dec 15

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth

CVE-2022-32845 CRITICAL POC
10.0 Sep 23

This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo

CVE-2022-32221 CRITICAL POC
9.8 Dec 05

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t

CVE-2022-32207 CRITICAL POC
9.8 Jul 07

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the

Share

CVE-2023-42982 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy