CVE-2023-43000

CVE Database · CVE-2023-43000

CVE-2023-43000

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

3.82%

Published

Nov 5, 2025

Modified

Mar 12, 2026

CISA Known Exploited Vulnerability

Added: 2026-03-05 · Due: 2026-03-26

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (6)

apple · safari (up to 16.6)vulnerable

apple · ipados (up to 15.8.7)vulnerable

apple · ipados (up to 16.6)vulnerable

apple · iphone_os (up to 15.8.7)vulnerable

apple · iphone_os (up to 16.6)vulnerable

apple · macos (up to 13.5)vulnerable

References (6)