Vulnetix
Try Vulnetix Request Demo
CVE-2023-5368 PUBLISHED CVSS 6.5 MEDIUM

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

EPSS 0.13% · 33.1th percentile

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.13%
33.1th percentile

Affected Products

VendorProductVersions
freebsdfreebsd13.2, 13.2, 13.2
FreeBSDFreeBSD12.4-RELEASE, 13.2-RELEASE

Timeline

References

Open in Interactive Console →