CVE-2023-40441

Published: Sep 27, 2023Modified: Nov 4, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.

Affected (3)

Products: Apple: Ipados, Iphone Os, Macos

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.0
Apple Iphone Os	Before 17.0
Apple Macos	Before 14.0

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (10)

http://seclists.org/fulldisclosure/2023/Oct/3

Source: product-security@apple.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/8

Source: product-security@apple.com

Mailing ListThird Party Advisory

https://support.apple.com/en-us/HT213938

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213940

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2023/Oct/3