CVE-2023-5941

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 8, 2023
Updated: Dec 14, 2023
CWE ID 131
CWE ID 787

Summary

CVE-2023-5941 is a critical vulnerability found in versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5. The vulnerability affects various products, including Qtq, du8tbV, Qtq-2K, QttcWI, and others. The vulnerability arises from the __sflush() stdio function in libc not correctly updating FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. This can lead to a heap buffer overflow, potentially causing data corruption or allowing for the execution of arbitrary code at the privilege level of the program. To remediate this vulnerability, organizations should update their FreeBSD systems to version 12.4-RELEASE-p7 or 13.2-RELEASE-p5 or later. The National Vulnerability Database (NVD) has rated this vulnerability as critical with a base score of 9.8 out of 10 and highlighted its high impact on integrity and confidentiality as well as its availability impact on systems.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5941 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options