How severe is CVE-2023-5941?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-5941?

This is classified as CWE-131, which is a common weakness in software security.

CVE-2023-5941

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-131

View all →

Vulnerability Description

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.

CVE-2001-0248

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

CWE-1312001

CVE-2001-0249

CRITICAL

CVSS:9.8(Critical)

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

CWE-1312001

CVE-2002-1347

CRITICAL

CVSS:9.8(Critical)

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonical...

CWE-1312002

CVE-2003-0899

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the...

CWE-1312003

CVE-2004-0434

CRITICAL

CVSS:9.8(Critical)

k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based ...

CWE-1312004

CVE-2004-1363

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

CWE-1312004

CVE-2023-5941

Vulnerability Description

Related Vulnerabilities

CVE-2001-0248

CVE-2001-0249

CVE-2002-1347

CVE-2003-0899

CVE-2004-0434

CVE-2004-1363