← volver
CVE-2023-5368

msdosfs data disclosure

EPSS 0.5%CWE-1188
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
Productos afectados
FreeBSD · FreeBSD

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.aschttps://security.netapp.com/advisory/ntap-20231124-0004/