CVE-2023-5978
HIGH
FreeBSD 13.0-13.2 - Improper Privilege Management in cap_net libcasper Service
Title source: llm
Description
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including entries not previously listed. This could permit the application to resolve domain names that were previously restricted.
References (2)
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20231214-0003/
Vendor Advisory
https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc
Scores
CVSS v3: 7.5
EPSS: 0.0016
EPSS Percentile: 36.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-269
Status: published
Products (2)
freebsd/freebsd: 13.2 (5 CPE variants)
freebsd/freebsd: 13.0 - 13.2
Published: Nov 08, 2023
Tracked Since: Feb 18, 2026