CVE-2023-5978

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted.

Published: Nov 8, 2023
Updated: Nov 17, 2023
CVE: CVE-2023-5978
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
freebsd / freebsd	13.2	13.2.x
freebsd / freebsd	13.2-p1	13.2-p1.x
freebsd / freebsd	13.0	13.2
freebsd / freebsd	13.2-p2	13.2-p2.x
freebsd / freebsd	13.2-p3	13.2-p3.x
freebsd / freebsd	13.2-p4	13.2-p4.x

https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc
https://security.netapp.com/advisory/ntap-20231214-0003/

Vulnerability Database

289,599

CVE-2023-5978