This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-09 08:42:40 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
e261e71c-6250-11ee-8e38-002590c1f29c | FreeBSD -- copy_file_range insufficient capability rights checkProblem Description:The syscall checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the syscall must additionally require the CAP_SEEK capability. Impact:A sandboxed process with only read or write but no seek capability on a file descriptor may be able to read data from or write data to an arbitrary location within the file corresponding to that file descriptor. Discovery 2023-10-03 Entry 2023-10-04 FreeBSD-kernel ge 13.2 lt 13.2_4 CVE-2023-5369 SA-23:13.capsicum |