DEBIAN-CVE-2023-28204

DEBIAN-CVE-2023-28204 PUBLISHED CVSS 6.5 MEDIUM

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	wpewebkit	0, 0, 0
Debian:11	webkit2gtk	2.38.3-1~deb11u1, 2.38.3-1~deb10u1, 2.38.2-1~deb11u1
Debian:12	webkit2gtk	2.40.1-1, 2.40.2-1~deb11u1, 0
Debian:13	webkit2gtk	0, 0, 0
Debian:14	webkit2gtk	0, 0, 0
Debian:12	wpewebkit	0, 2.38.6-1, 2.39.91-1
Debian:14	wpewebkit	0, 0, 0
Debian:11	wpewebkit	2.40.5-1, 2.48.2-1, 2.34.1-1

Timeline

Jun 23, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-28204 advisory

Open in Interactive Console →