Nov 08, 2023 - 9:15 a.m.

CVE-2023-5978

2023-11-08 09:15:07
CWE-269
web.nvd.nist.gov
freebsd
cve-2023-5978
security vulnerability
cap_net libcasper
domain name resolution

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.4 High (Confidence: High)

EPSS: 0.0005 Low (Percentile: 18.0%)

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including entries not previously listed. This could permit the application to resolve domain names that were previously restricted.

Affected configurations

NVD

Node
freebsd | freebsd | Range | 13.0–13.2
OR
freebsd | freebsd | Match | 13.2-
OR
freebsd | freebsd | Match | 13.2p1
OR
freebsd | freebsd | Match | 13.2p2
OR
freebsd | freebsd | Match | 13.2p3
OR
freebsd | freebsd | Match | 13.2p4

CPE | Name | Operator | Version
freebsd:freebsd | freebsd | lt | 13.2

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "libcap_net"
    ],
    "product": "FreeBSD",
    "vendor": "FreeBSD",
    "versions": [
      {
        "lessThan": "p5",
        "status": "affected",
        "version": "13.2-RELEASE",
        "versionType": "release"
      }
    ]
  }
]
