cvelist/2023/5xxx/CVE-2023-5368.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-5368",
        "ASSIGNER": "secteam@freebsd.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\n\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-1188 Insecure Default Initialization of Resource",
                        "cweId": "CWE-1188"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "FreeBSD",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "FreeBSD",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "13.2-RELEASE",
                                            "version_value": "p4"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "12.4-RELEASE",
                                            "version_value": "p6"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc",
                "refsource": "MISC",
                "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc"
            },
            {
                "url": "https://security.netapp.com/advisory/ntap-20231124-0004/",
                "refsource": "MISC",
                "name": "https://security.netapp.com/advisory/ntap-20231124-0004/"
            },
            {
                "url": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/",
                "refsource": "MISC",
                "name": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "credits": [
        {
            "lang": "en",
            "value": "Maxim Suhanov"
        }
    ]
}