CVE-2023-5941
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-5941 is a critical vulnerability found in versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5. The vulnerability affects various products, including Qtq, du8tbV, Qtq-2K, QttcWI, and others. The vulnerability arises from the __sflush() stdio function in libc not correctly updating FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. This can lead to a heap buffer overflow, potentially causing data corruption or allowing for the execution of arbitrary code at the privilege level of the program. To remediate this vulnerability, organizations should update their FreeBSD systems to version 12.4-RELEASE-p7 or 13.2-RELEASE-p5 or later. The National Vulnerability Database (NVD) has rated this vulnerability as critical with a base score of 9.8 out of 10 and highlighted its high impact on integrity and confidentiality as well as its availability impact on systems.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions