CVE-2023-5368

MEDIUM

FreeBSD - Uninitialized Data Exposure via msdosfs Truncate Operations


Description

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

Scores

CVSS v3 6.5
EPSS 0.0053
EPSS Percentile 40.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-1188
Status published
Products (3)
freebsd/freebsd 12.4 (6 CPE variants)
freebsd/freebsd 13.2 (4 CPE variants)
freebsd/freebsd < 12.4
Published Oct 04, 2023
Tracked Since Feb 18, 2026