cve/2023/CVE-2023-5368.md

### [CVE-2023-5368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5368)
![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=13.2-RELEASE%3C%20p4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1188%20Insecure%20Default%20Initialization%20of%20Resource&color=brighgreen)

### Description

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-5368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5368)`
			`![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=13.2-RELEASE%3C%20p4%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1188%20Insecure%20Default%20Initialization%20of%20Resource&color=brighgreen)`

			`### Description`

			`On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`