Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-49298

Date: November 24, 2023

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.

Language: C

Severity Score

Related Resources (13)

https://github.com/openzfs/zfs/releases/tag/zfs-2.2.2
https://www.theregister.com/2023/12/04/two_new_versions_of_openzfs/
https://bugs.gentoo.org/917224
https://news.ycombinator.com/item?id=38770168
https://github.com/openzfs/zfs/pull/15571
https://github.com/openzfs/zfs/releases/tag/zfs-2.1.14
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308
https://github.com/openzfs/zfs/issues/15526
https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files
https://nvd.nist.gov/vuln/detail/CVE-2023-49298
https://news.ycombinator.com/item?id=38405731
https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html
https://www.mend.io/vulnerability-database/CVE-2023-49298

Severity Score

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us