CVE-2023-5368
CVE-2023-5368 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file). EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | < 12.4 |
| FreeBSD | FreeBSD | >= 13.0, < 13.2 |
| FreeBSD | FreeBSD | 12.4 |
| FreeBSD | FreeBSD | 13.2 |
Source: NVD / NIST
