CVE-2023-5368

CVSS V2 None CVSS V3 None

Description

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

Overview

CVE ID
CVE-2023-5368

Assigner
freebsd

Vulnerability Status
PUBLISHED

Published Version
2023-10-04T03:38:09.357Z

Last Modified Date
2023-11-29T20:59:57.519Z

Weakness Enumerations

CWE	URL
CWE-1188	http://cwe.mitre.org/data/definitions/1188.html

References

Reference URL	Reference Tags
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc	vendor-advisory
https://security.netapp.com/advisory/ntap-20231124-0004/
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-5368
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5368

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 05:32:32				Added to TrackCVE