// For flags

CVE-2023-5978

Incorrect libcap_net limitation list manipulation

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted.

En las versiones 13-RELEASE anteriores a 13-RELEASE-p5 de FreeBSD, bajo ciertas circunstancias el servicio cap_net libcasper(3) valida incorrectamente que las restricciones actualizadas son estrictamente subconjuntos de las restricciones activas. Cuando solo se especificaba una lista de nombres de dominio resolubles sin establecer otras limitaciones, una aplicación podía enviar una nueva lista de dominios que incluyeran entradas que no figuraban anteriormente. Esto podría permitir que la aplicación resuelva nombres de dominio que anteriormente estaban restringidos.

*Credits: Shawn Webb, Mariusz Zaborski
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-11-07 CVE Reserved
  • 2023-11-08 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
>= 13.0 < 13.2
Search vendor "Freebsd" for product "Freebsd" and version " >= 13.0 < 13.2"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.2
Search vendor "Freebsd" for product "Freebsd" and version "13.2"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.2
Search vendor "Freebsd" for product "Freebsd" and version "13.2"
p1
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.2
Search vendor "Freebsd" for product "Freebsd" and version "13.2"
p2
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.2
Search vendor "Freebsd" for product "Freebsd" and version "13.2"
p3
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
13.2
Search vendor "Freebsd" for product "Freebsd" and version "13.2"
p4
Affected