CVE-2023-0751

Опубликовано: 08 фев. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key.

Ссылки

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc
Mitigation
Patch
Vendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc
Mitigation
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230316-0004/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.0033

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4j3q-rqjq-x3f3