CVE-2023-5368 — Vulnetix

CVE-2023-5368 PUBLISHED CVSS 6.5 MEDIUM

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

EPSS 0.13% · 33.1th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.13%

33.1th percentile

Affected Products

Vendor	Product	Versions
freebsd	freebsd	0, 13.0, 12.4
FreeBSD	FreeBSD	13.2-RELEASE, 12.4-RELEASE, 13.2-RELEASE

Exploit Intelligence

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc (circl)
https://security.netapp.com/advisory/ntap-20231124-0004/ (circl)
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/ (circl)

Timeline

Oct 4, 2023 EPSS Score
Oct 4, 2023 CVE Published
Nov 5, 2023 EPSS Score
Dec 6, 2023 EPSS Score
Jan 7, 2024 EPSS Score
Feb 8, 2024 EPSS Score
Mar 10, 2024 EPSS Score
Apr 11, 2024 EPSS Score
May 13, 2024 EPSS Score
Jun 13, 2024 EPSS Score
Jul 15, 2024 EPSS Score
Aug 16, 2024 EPSS Score

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc vendor-advisory
https://security.netapp.com/advisory/ntap-20231124-0004/ url
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/ url
https://nvd.nist.gov/vuln/detail/CVE-2023-5368 advisory
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case url
https://security.netapp.com/advisory/ntap-20231124-0004 url

Open in Interactive Console →