CVE-2023-27955

Published: May 8, 2023Modified: Jan 29, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, macOS Big Sur 11.7.5. An app may be able to read arbitrary files.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos

3 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 16.4
Apple Iphone Os	Before 16.4
Apple Macos	From 11.0 to 11.7.5
Apple Macos	From 12.0 to 12.6.4
Apple Macos	From 13.0 to 13.3

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (10)

https://support.apple.com/en-us/HT213670

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213674

Source: product-security@apple.com

https://support.apple.com/en-us/HT213675

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213676

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213677

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT213670