CVE-2023-5978

EUVD-2023-58245

08.11.2023, 09:15

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Affected Products (NVD)

Vendor	Product	Version
freebsd	freebsd	13.0 ≤ 𝑥 < 13.2
freebsd	freebsd	13.2
freebsd	freebsd	13.2:p1
freebsd	freebsd	13.2:p2
freebsd	freebsd	13.2:p3
freebsd	freebsd	13.2:p4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc

https://security.netapp.com/advisory/ntap-20231214-0003/

https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc

https://security.netapp.com/advisory/ntap-20231214-0003/