FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- libc stdio buffer overflow

Affected packages
13.2 <= FreeBSD < 13.2_5
12.4 <= FreeBSD < 12.4_7


VuXML ID 5afcc9a4-7e04-11ee-8e38-002590c1f29c
Discovery 2023-11-08
Entry 2023-11-08

Problem Description:

For line-buffered streams the __sflush() function did not correctly update the FILE object's write space member when the write(2) system call returns an error.


Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overfly may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.


CVE Name CVE-2023-5941
FreeBSD Advisory SA-23:15.stdio