CVE-2024-23257 - Vulnerability Details - OpenCVE

ReportizFlow

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Ipados Iphone Os Macos Visionos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Mar/21
http://seclists.org/fulldisclosure/2024/Mar/22
http://seclists.org/fulldisclosure/2024/Mar/23
http://seclists.org/fulldisclosure/2024/Mar/26
https://support.apple.com/en-us/HT214082
https://support.apple.com/en-us/HT214083
https://support.apple.com/en-us/HT214084
https://support.apple.com/en-us/HT214085
https://support.apple.com/en-us/HT214087

History

Fri, 20 Dec 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple ipados
CPEs	cpe:2.3:o:apple:ipad_os::::::::	cpe:2.3:o:apple:ipados::::::::
Vendors & Products	Apple ipad Os	Apple ipados

Fri, 06 Dec 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipad Os Apple iphone Os Apple macos Apple visionos
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:apple:ipad_os:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:visionos::::::::
Vendors & Products		Apple Apple ipad Os Apple iphone Os Apple macos Apple visionos
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-08T01:35:24.108Z

Updated: 2024-08-01T22:59:32.110Z

Reserved: 2024-01-12T22:22:21.488Z

Link: CVE-2024-23257

Vulnrichment

Updated: 2024-08-01T22:59:32.110Z

NVD

Status : Analyzed

Published: 2024-03-08T02:15:48.760

Modified: 2024-12-20T17:08:48.080

Link: CVE-2024-23257

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23257", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.488Z", "datePublished": "2024-03-08T01:35:24.108Z", "dateUpdated": "2024-08-01T22:59:32.110Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing an image may result in disclosure of process memory"}]}], "affected": [{"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "1.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory."}], "references": [{"url": "https://support.apple.com/en-us/HT214087"}, {"url": "https://support.apple.com/en-us/HT214083"}, {"url": "https://support.apple.com/en-us/HT214082"}, {"url": "https://support.apple.com/en-us/HT214085"}, {"url": "https://support.apple.com/en-us/HT214084"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/22"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/23"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-08T01:35:24.108Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23257", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-08T15:33:52.302723Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:10.890Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.110Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214087", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214083", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214082", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214085", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/22", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/23", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214087", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214083", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214082", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214085", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/22", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/23", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.110Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23257", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-08T15:33:52.302723Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:41.487Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214087"}, {"url": "https://support.apple.com/en-us/HT214083"}, {"url": "https://support.apple.com/en-us/HT214082"}, {"url": "https://support.apple.com/en-us/HT214085"}, {"url": "https://support.apple.com/en-us/HT214084"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/22"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/23"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing an image may result in disclosure of process memory"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-08T01:35:24.108Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23257", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:59:32.110Z", "dateReserved": "2024-01-12T22:22:21.488Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-03-08T01:35:24.108Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "9277B3E8-4519-4E07-A89A-A08C604AB78C", "versionEndExcluding": "16.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", "versionEndExcluding": "16.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A61173BD-535F-46FC-B40F-DA78B168E420", "versionEndExcluding": "12.7.4", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69C4F06A-061F-46B3-8BB7-5C9B47C00956", "versionEndExcluding": "13.6.5", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", "versionEndExcluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory."}, {"lang": "es", "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 y iPadOS 16.7.6. El procesamiento de una imagen puede resultar en la divulgaci\u00f3n de la memoria del proceso."}], "id": "CVE-2024-23257", "lastModified": "2024-12-20T17:08:48.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-03-08T02:15:48.760", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/22"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/23"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/26"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214082"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214083"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214084"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214085"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214087"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}