CVE-2023-5368 Vulnerability Details


CVE-2023-5368 Metadata Quick Info

CVE Published: 04/10/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: freebsd | Vendor: FreeBSD | Product: FreeBSD
Status: PUBLISHED

CVE-2023-5368 Description

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1188
CWE Name: CWE-1188 Insecure Default Initialization of Resource
Source: FreeBSD

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).