← Volver a CVEs
CVE-2023-5368
MEDIUM6.5
Descripcion
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/4/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
freebsd:freebsd
Debilidades (CWE)
CWE-1188CWE-1188
Referencias
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/(secteam@freebsd.org)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc(secteam@freebsd.org)
https://security.netapp.com/advisory/ntap-20231124-0004/(secteam@freebsd.org)
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/(af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231124-0004/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.