Home > Vulnerability Database > CVE-2023-5368

Mend.io Vulnerability Database

CVE-2023-5368

Date: October 3, 2023

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

Language: C

Severity Score

7.1

Related Resources (5)

Url: https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-5368

Url: https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/

Url: https://security.netapp.com/advisory/ntap-20231124-0004/

Url: https://www.mend.io/vulnerability-database/CVE-2023-5368

Severity Score

7.1

Weakness Type (CWE)

Insecure Default Initialization of Resource

CWE-1188

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-5368

Date: October 3, 2023

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?