CVE-2023-5978
CVSS V2 None
CVSS V3 None
Description
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted.
Overview
- CVE ID
- CVE-2023-5978
- Assigner
- freebsd
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-11-08T08:52:46.920Z
- Last Modified Date
- 2023-11-08T08:52:46.920Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc | vendor-advisory |
| https://security.netapp.com/advisory/ntap-20231214-0003/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-5978 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5978 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 05:11:42 | Added to TrackCVE |