Heap-based buffer overflow in FreeBSD - CVE-2023-5941

 


Published: November 10, 2023


Vulnerability identifier: #VU82984
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-5941
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FreeBSD
Software vendor: FreeBSD Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the __sflush() function in libc. A remote attacker can pass specially crafted data to the application that is using the affected library, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

The vulnerability can be used to escalate privileges or remotely execute arbitrary code. The attack vector depends on the application or daemon that uses the vulnerable libc version.


Remediation

Install updates from the vendor's website.
