CVE-2023-5368
MEDIUM 6.5
Description
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
CVE details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 10/4/2023
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
freebsd:freebsd
Weaknesses (CWE)
CWE-1188
References
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/ (secteam@freebsd.org)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc (secteam@freebsd.org)
https://security.netapp.com/advisory/ntap-20231124-0004/ (secteam@freebsd.org)
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231124-0004/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.