Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-5368

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

Published

2023-10-04T04:15:14.143

Last Modified

2024-11-21T08:41:37.510

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1188
Type: Primary
CWE-1188

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	< 12.4	Yes
Operating System	freebsd	freebsd	< 13.2	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	13.2	Yes
Operating System	freebsd	freebsd	13.2	Yes
Operating System	freebsd	freebsd	13.2	Yes
Operating System	freebsd	freebsd	13.2	Yes

References

https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/ ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc Patch ([email protected])
https://security.netapp.com/advisory/ntap-20231124-0004/ ([email protected])
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc Patch (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231124-0004/ (af854a3a-2127-422b-91ae-364da2661108)