CVE-2023-5368

MEDIUM

msdosfs - Info Disclosure

Description

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

Scores

CVSS v3 6.5
EPSS 0.0013
EPSS Percentile 32.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-1188
Status published
Products (3)
freebsd/freebsd 12.4 (6 CPE variants)
freebsd/freebsd 13.2 (4 CPE variants)
freebsd/freebsd < 12.4
Published Oct 04, 2023
Tracked Since Feb 18, 2026