{
  "threat_severity" : "Moderate",
  "public_date" : "2023-09-26T20:14:54Z",
  "bugzilla" : {
    "description" : "libxslt: Processing web content may disclose sensitive information",
    "id" : "2349766",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2349766"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.", "A flaw was found in the libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling." ],
  "statement" : "This CVE is a duplicate of CVE-2022-4909.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8676",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libxslt-0:1.1.32-6.2.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8676",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libxslt-0:1.1.32-6.2.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6266",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "libxslt-0:1.1.34-14.el9_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-06-12T00:00:00Z",
    "advisory" : "RHSA-2025:9016",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "libxslt-0:1.1.34-14.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6499",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "libxslt-0:1.1.34-13.el9_6.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "libxslt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "libxslt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "libxslt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-40403\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40403\nhttp://seclists.org/fulldisclosure/2023/Oct/10\nhttp://seclists.org/fulldisclosure/2023/Oct/3\nhttp://seclists.org/fulldisclosure/2023/Oct/4\nhttp://seclists.org/fulldisclosure/2023/Oct/5\nhttp://seclists.org/fulldisclosure/2023/Oct/6\nhttp://seclists.org/fulldisclosure/2023/Oct/8\nhttp://seclists.org/fulldisclosure/2023/Oct/9\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=1356211\nhttps://bugzilla.gnome.org/show_bug.cgi?id=751621\nhttps://gitlab.gnome.org/GNOME/libxslt/-/issues/94\nhttps://support.apple.com/en-us/HT213927" ],
  "name" : "CVE-2023-40403",
  "csaw" : false
}