← Back to CVEs
CVE-2023-5368
MEDIUM6.5
Description
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
CVE Details
CVSS v3.1 Score6.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published10/4/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
freebsd:freebsd
Weaknesses (CWE)
CWE-1188CWE-1188
References
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/(secteam@freebsd.org)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc(secteam@freebsd.org)
https://security.netapp.com/advisory/ntap-20231124-0004/(secteam@freebsd.org)
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/(af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231124-0004/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.