Vulnerability: Improper Validation of Updated Constraints in FreeBSD 13-RELEASE

Vulnerability: Improper Validation of Updated Constraints in FreeBSD 13-RELEASE

CVE-2023-5978 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted.

Learn more about our Web Application Penetration Testing UK.