CVE-2023-5978

CVE-2023-5978: Incorrect libcap_net limitation list manipulation

Vendor Freebsd
Product FreeBSD
Weakness CWE-269
Published November 8, 2023
Last update February 13, 2025

CVSS base score

What the vulnerability does

01Description

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted.

Key dates

02Disclosure timeline

November 8, 2023 CVE published
February 13, 2025 Record updated