Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-5978

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted.

Published

2023-11-08T09:15:07.933

Last Modified

2024-11-21T08:42:54.420

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	< 13.2	Yes
Operating System	freebsd	freebsd	13.2	Yes
Operating System	freebsd	freebsd	13.2	Yes
Operating System	freebsd	freebsd	13.2	Yes
Operating System	freebsd	freebsd	13.2	Yes
Operating System	freebsd	freebsd	13.2	Yes

References

https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20231214-0003/ ([email protected])
https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231214-0003/ (af854a3a-2127-422b-91ae-364da2661108)