CVE-2023-5368 — MEDIUM (6.5)

Q: How severe is CVE-2023-5368?

CVE-2023-5368 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5368?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.

Vulnerability Description

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Freebsd	Freebsd	< 12.4

Related Weaknesses (CWE)

CWE-1188

References

FAQ

What is CVE-2023-5368?

CVE-2023-5368 is a vulnerability with a CVSS score of 6.5 (MEDIUM). On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather...

How severe is CVE-2023-5368?

CVE-2023-5368 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5368?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.