CVE-2023-5368
MEDIUM 6.5
Description
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
CVE Details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 10/4/2023
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
freebsd:freebsd
Weaknesses (CWE)
CWE-1188
References
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/ (secteam@freebsd.org)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc (secteam@freebsd.org)
https://security.netapp.com/advisory/ntap-20231124-0004/ (secteam@freebsd.org)
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231124-0004/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.