CVE-2023-5368
N/A
N/A
Summary
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.
This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FreeBSD | FreeBSD | 13.2-RELEASE < p4 | affected |
| FreeBSD | FreeBSD | 12.4-RELEASE < p6 | affected |
Weaknesses
- CWE-1188: CWE-1188 Insecure Default Initialization of Resource
ADP Enrichment
CVE Program Container
Additional References
- https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc
- https://security.netapp.com/advisory/ntap-20231124-0004/
- https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/
References
- https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc
- https://security.netapp.com/advisory/ntap-20231124-0004/
- https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.