In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2023-11-08T08:52:46.920Z

Updated: 2024-08-02T08:14:25.164Z

Reserved: 2023-11-07T02:39:14.800Z

Link: CVE-2023-5978

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-08T09:15:07.933

Modified: 2024-11-21T08:42:54.420

Link: CVE-2023-5978

cve-icon Redhat

No data.