CVE-2023-5941

Summary

CVE-2023-5941 is a critical vulnerability found in versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5. The vulnerability affects various products, including Qtq, du8tbV, Qtq-2K, QttcWI, and others. The vulnerability arises from the __sflush() stdio function in libc not correctly updating FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. This can lead to a heap buffer overflow, potentially causing data corruption or allowing for the execution of arbitrary code at the privilege level of the program. To remediate this vulnerability, organizations should update their FreeBSD systems to version 12.4-RELEASE-p7 or 13.2-RELEASE-p5 or later. The National Vulnerability Database (NVD) has rated this vulnerability as critical with a base score of 9.8 out of 10 and highlighted its high impact on integrity and confidentiality as well as its availability impact on systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.