{
  "threat_severity" : "Moderate",
  "public_date" : "2023-09-21T00:00:00Z",
  "bugzilla" : {
    "description" : "webkitgtk: processing malicious web content may lead to arbitrary code execution",
    "id" : "2240522",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2240522"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "details" : [ "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.", "A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution." ],
  "statement" : "This issue doesn't affect the versions of webkitgtk as shipped with Red Hat Enterprise Linux 8 and 9 as the flaw relies on JIT engine. JIT was disabled in the past when the fixes for CVE-2023-32435 and CVE-2023-32439 were released.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-07-18T00:00:00Z",
    "advisory" : "RHSA-2023:4202",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.38.5-1.el8_8.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-07-18T00:00:00Z",
    "advisory" : "RHSA-2023:4201",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "webkit2gtk3-0:2.38.5-1.el9_2.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-41993\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-41993\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog" ],
  "csaw" : true,
  "name" : "CVE-2023-41993"
}