FKIE_CVE-2023-5941

Vulnerability from fkie_nvd - Published: 2023-11-08 09:15 - Updated: 2024-11-21 08:42
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error.  Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.
References
secteam@freebsd.orghttps://security.freebsd.org/advisories/FreeBSD-SA-23:15.stdio.ascVendor Advisory
secteam@freebsd.orghttps://security.netapp.com/advisory/ntap-20231214-0004/
af854a3a-2127-422b-91ae-364da2661108https://security.freebsd.org/advisories/FreeBSD-SA-23:15.stdio.ascVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20231214-0004/
Impacted products
Vendor Product Version
freebsd freebsd *
freebsd freebsd *
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 13.2
freebsd freebsd 13.2
freebsd freebsd 13.2
freebsd freebsd 13.2
freebsd freebsd 13.2
To clipboard Create KEV Entry 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F6C8B0-9D75-476C-ADBA-754416FBC186",
              "versionEndExcluding": "12.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA49E374-9F1A-4F62-B88D-CD36EDEA6060",
              "versionEndExcluding": "13.2",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "251CAE22-C3E6-45AD-8301-F36BEE5C6860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "85D94BCA-FA32-4C10-95CD-5D2A69B38A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C950F97-40B4-43BF-BB81-C49CE00A468B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8FFBAD22-5712-472D-ADAF-13DE0826F888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*",
              "matchCriteriaId": "BA821886-B26B-47A6-ABC9-B8F70CE0ACFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*",
              "matchCriteriaId": "220629AD-32CC-4303-86AE-1DD27F0E4C65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects\u0027 write space members for write-buffered streams when the write(2) system call returns an error. \u00a0Depending on the nature of an application that calls libc\u0027s stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur.  Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program."
    },
    {
      "lang": "es",
      "value": "En las versiones 12.4-RELEASE anteriores a 12.4-RELEASE-p7 y 13.2-RELEASE anteriores a 13.2-RELEASE-p5 de FreeBSD, la funci\u00f3n stdio __sflush() en libc no actualiza correctamente los miembros del espacio de escritura de los objetos FILE para secuencias con b\u00fafer de escritura cuando la llamada al sistema write(2) devuelve un error. Dependiendo de la naturaleza de una aplicaci\u00f3n que llama a las funciones stdio de libc y la presencia de errores devueltos por la llamada al sistema write(2) (o una rutina de escritura stdio anulada), puede ocurrir un desbordamiento del buffer del heap. Dichos desbordamientos pueden provocar da\u00f1os en los datos o la ejecuci\u00f3n de c\u00f3digo arbitrario en el nivel de privilegio del programa que realiza la llamada."
    }
  ],
  "id": "CVE-2023-5941",
  "lastModified": "2024-11-21T08:42:49.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-08T09:15:07.847",
  "references": [
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:15.stdio.asc"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "https://security.netapp.com/advisory/ntap-20231214-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:15.stdio.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20231214-0004/"
    }
  ],
  "sourceIdentifier": "secteam@freebsd.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-131"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secteam@freebsd.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-131"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.