QwikSec

Security Database

CVE

CWE

Training

CVE-2023-5368

Published: Oct 4, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

Vendor	Product	Versions
FreeBSD	FreeBSD	affected `13.2-RELEASE - < p4` affected `12.4-RELEASE - < p6`

Weaknesses (CWE)

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc

vendor-advisory

https://security.netapp.com/advisory/ntap-20231124-0004/

https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.