13.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

freebsd

NVD

Published: 2023-11-08

Updated: 2023-12-14

Summary

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 13.2 Freebsd Freebsd 13.0 Freebsd Freebsd 13.1	43

References

https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc
https://security.netapp.com/advisory/ntap-20231214-0003/