CVE-2023-5368

Sažetak

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

Reference

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc
https://security.netapp.com/advisory/ntap-20231124-0004/
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

29-11-2023 - 21:15

Objavljeno

04-10-2023 - 04:15