← Retour aux CVEs
CVE-2023-5368
MEDIUM6.5
Description
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
Details CVE
Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie10/4/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
freebsd:freebsd
Faiblesses (CWE)
CWE-1188CWE-1188
References
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/(secteam@freebsd.org)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc(secteam@freebsd.org)
https://security.netapp.com/advisory/ntap-20231124-0004/(secteam@freebsd.org)
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/(af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231124-0004/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.