CVE-2023-49298
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-49298
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49298.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-49298
- Related
- Published
- 2023-11-24T19:15:07Z
- Modified
- 2024-12-05T15:38:21.496399Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.
- References
-
- https://github.com/openzfs/zfs/issues/15526
- https://github.com/openzfs/zfs/pull/15571
- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308
- https://news.ycombinator.com/item?id=38405731
- https://bugs.gentoo.org/917224
- https://github.com/openzfs/zfs/releases/tag/zfs-2.1.14
- https://github.com/openzfs/zfs/releases/tag/zfs-2.2.2
- https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html
- https://news.ycombinator.com/item?id=38770168
- https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files
- https://www.theregister.com/2023/12/04/two_new_versions_of_openzfs/
- https://security.alpinelinux.org/vuln/CVE-2023-49298
- https://security-tracker.debian.org/tracker/CVE-2023-49298
Affected packages
Alpine:v3.19 / zfs-lts
Package
- Name
- zfs-lts
- Purl
- pkg:apk/alpine/zfs-lts?arch=source
Alpine:v3.19 / zfs-rpi
Package
- Name
- zfs-rpi
- Purl
- pkg:apk/alpine/zfs-rpi?arch=source
Alpine:v3.19 / zfs
Package
- Name
- zfs
- Purl
- pkg:apk/alpine/zfs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.1-r1
Affected versions
0.*
0.6.5.7-r0
0.6.5.7-r1
0.6.5.8-r0
0.6.5.9-r0
0.6.5.9-r1
0.7.1-r0
0.7.3-r0
0.7.7-r0
0.7.8-r0
0.7.12-r0
0.7.12-r1
0.7.13-r0
0.8.0-r0
0.8.0-r1
0.8.1-r0
0.8.2-r0
0.8.2-r1
0.8.3-r0
0.8.3-r1
0.8.4-r0
0.8.5-r0
0.8.5-r1
2.*
2.0.0-r0
2.0.1-r0
2.0.3-r0
2.0.3-r1
2.0.3-r2
2.0.3-r3
2.1.1-r0
2.1.1-r1
2.1.2-r0
2.1.4-r0
2.1.4-r1
2.1.4-r2
2.1.5-r0
2.1.5-r1
2.1.6-r0
2.1.6-r1
2.1.7-r0
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.10-r2
2.1.11-r0
2.1.11-r1
2.1.12-r0
2.1.13-r0
2.1.13-r1
2.2.1-r0
Alpine:v3.20 / zfs-lts
Package
- Name
- zfs-lts
- Purl
- pkg:apk/alpine/zfs-lts?arch=source
Alpine:v3.20 / zfs-rpi
Package
- Name
- zfs-rpi
- Purl
- pkg:apk/alpine/zfs-rpi?arch=source
Alpine:v3.20 / zfs
Package
- Name
- zfs
- Purl
- pkg:apk/alpine/zfs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.1-r1
Affected versions
0.*
0.6.5.7-r0
0.6.5.7-r1
0.6.5.8-r0
0.6.5.9-r0
0.6.5.9-r1
0.7.1-r0
0.7.3-r0
0.7.7-r0
0.7.8-r0
0.7.12-r0
0.7.12-r1
0.7.13-r0
0.8.0-r0
0.8.0-r1
0.8.1-r0
0.8.2-r0
0.8.2-r1
0.8.3-r0
0.8.3-r1
0.8.4-r0
0.8.5-r0
0.8.5-r1
2.*
2.0.0-r0
2.0.1-r0
2.0.3-r0
2.0.3-r1
2.0.3-r2
2.0.3-r3
2.1.1-r0
2.1.1-r1
2.1.2-r0
2.1.4-r0
2.1.4-r1
2.1.4-r2
2.1.5-r0
2.1.5-r1
2.1.6-r0
2.1.6-r1
2.1.7-r0
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.10-r2
2.1.11-r0
2.1.11-r1
2.1.12-r0
2.1.13-r0
2.1.13-r1
2.2.1-r0
Alpine:v3.21 / zfs-lts
Package
- Name
- zfs-lts
- Purl
- pkg:apk/alpine/zfs-lts?arch=source
Alpine:v3.21 / zfs-rpi
Package
- Name
- zfs-rpi
- Purl
- pkg:apk/alpine/zfs-rpi?arch=source
Alpine:v3.21 / zfs
Package
- Name
- zfs
- Purl
- pkg:apk/alpine/zfs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.1-r1
Affected versions
0.*
0.6.5.7-r0
0.6.5.7-r1
0.6.5.8-r0
0.6.5.9-r0
0.6.5.9-r1
0.7.1-r0
0.7.3-r0
0.7.7-r0
0.7.8-r0
0.7.12-r0
0.7.12-r1
0.7.13-r0
0.8.0-r0
0.8.0-r1
0.8.1-r0
0.8.2-r0
0.8.2-r1
0.8.3-r0
0.8.3-r1
0.8.4-r0
0.8.5-r0
0.8.5-r1
2.*
2.0.0-r0
2.0.1-r0
2.0.3-r0
2.0.3-r1
2.0.3-r2
2.0.3-r3
2.1.1-r0
2.1.1-r1
2.1.2-r0
2.1.4-r0
2.1.4-r1
2.1.4-r2
2.1.5-r0
2.1.5-r1
2.1.6-r0
2.1.6-r1
2.1.7-r0
2.1.8-r0
2.1.9-r0
2.1.9-r1
2.1.10-r0
2.1.10-r1
2.1.10-r2
2.1.11-r0
2.1.11-r1
2.1.12-r0
2.1.13-r0
2.1.13-r1
2.2.1-r0
Debian:11 / zfs-linux
Package
- Name
- zfs-linux
- Purl
- pkg:deb/debian/zfs-linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.6.5.5-1
0.6.5.6-1
0.6.5.6-2
0.6.5.7-1
0.6.5.7-2~bpo8+1
0.6.5.7-2
0.6.5.8-1~bpo8+1
0.6.5.8-1
0.6.5.8-2~bpo8+1
0.6.5.8-2
0.6.5.8-3
0.6.5.9-1
0.6.5.9-2~bpo8+1
0.6.5.9-2
0.6.5.9-3
0.6.5.9-4
0.6.5.9-5~bpo8+1
0.6.5.9-5
0.6.5.9-5+sparc64
0.6.5.10-1
0.6.5.11-1~bpo8+1
0.6.5.11-1~bpo9+1
0.6.5.11-1
0.7.3-1
0.7.3-2
0.7.3-3~bpo8+1
0.7.3-3~bpo9+1
0.7.3-3
0.7.4-1~bpo8+1
0.7.4-1~bpo9+1
0.7.4-1
0.7.5-1~bpo9+1
0.7.5-1
0.7.6-1~bpo8+1
0.7.6-1~bpo9+1
0.7.6-1
0.7.9-0.1
0.7.9-1
0.7.9-2
0.7.9-3~bpo8+1
0.7.9-3~bpo9+1
0.7.9-3
0.7.11-1~bpo8+1
0.7.11-1~bpo9+1
0.7.11-1
0.7.11-2
0.7.11-3
0.7.12-1~bpo9+1
0.7.12-1
0.7.12-2
0.7.12-3
0.7.12-4
0.7.12-5
0.7.13-1~bpo9+1
0.7.13-1~bpo10+1
0.7.13-1
0.8.0~rc3-1
0.8.0~rc4-1
0.8.0-1
0.8.0-2
0.8.1-1
0.8.1-2
0.8.1-3
0.8.1-4~bpo10+1
0.8.1-4
0.8.2-1
0.8.2-2~bpo10+1
0.8.2-2
0.8.2-3~bpo10+1
0.8.2-3
0.8.2-4
0.8.2-5
0.8.3-1~bpo10+1
0.8.3-1
0.8.3-2
0.8.4-1~bpo10+1
0.8.4-1
0.8.4-2~bpo10+1
0.8.4-2
0.8.5-1
0.8.5-2~bpo10+1
0.8.5-2
0.8.5-3~bpo10+1
0.8.5-3
0.8.6-1~bpo10+1
0.8.6-1
2.*
2.0.0-1~exp1
2.0.1-1~exp1
2.0.1-1
2.0.1-2
2.0.1-3
2.0.2-1~bpo10+1
2.0.2-1
2.0.3-1~bpo10+1
2.0.3-1
2.0.3-2
2.0.3-3
2.0.3-4
2.0.3-5
2.0.3-6
2.0.3-7
2.0.3-8~bpo10+1
2.0.3-8
2.0.3-9~bpo10+1
2.0.3-9
2.0.3-9+deb11u1
2.0.6-1~bpo10+1
2.0.6-1~bpo11+1
2.0.6-1
2.0.6-2
2.0.7-1~bpo10+1
2.1.1-1
2.1.1-2
2.1.1-3
2.1.2-1~bpo11+1
2.1.2-1
2.1.4-1~bpo11+1
2.1.4-1
2.1.5-1~bpo11+1
2.1.5-1
2.1.6-1
2.1.6-2
2.1.6-3~bpo11+1
2.1.6-3
2.1.7-1~bpo11+1
2.1.7-1
2.1.7-2
2.1.8-1
2.1.9-1~bpo11+1
2.1.9-1
2.1.9-2
2.1.9-3~bpo11+1
2.1.9-3
2.1.9-4
2.1.11-1~bpo11+1
2.1.11-1
2.1.12-1
2.1.12-2~bpo12+1
2.1.12-2
2.1.13-1~bpo11+1
2.1.13-1~bpo12+1
2.1.13-1
2.1.13-2~bpo11+1
2.1.13-2~bpo12+1
2.1.13-2
2.1.14-1~bpo11+1
2.1.14-1~bpo12+1
2.1.14-1
2.2.0-1~exp1
2.2.1-1~exp1
2.2.1-1~exp2
2.2.2-1~exp1
2.2.2-1
2.2.2-2
2.2.2-3~bpo12+1
2.2.2-3
2.2.2-4~bpo12+1
2.2.2-4
2.2.2-5~exp1
2.2.2-5~exp2
2.2.2-5~exp3
2.2.3-1~bpo12+1
2.2.3-1
2.2.3-2~bpo12+1
2.2.3-2
2.2.4-1~bpo12+1
2.2.4-1
2.2.4-2
2.2.5-1~bpo12+1
2.2.5-1
2.2.6-1~bpo12+1
2.2.6-1~bpo12+2
2.2.6-1~bpo12+3
2.2.6-1
2.2.6-2
Debian:12 / zfs-linux
Package
- Name
- zfs-linux
- Purl
- pkg:deb/debian/zfs-linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.6.5.5-1
0.6.5.6-1
0.6.5.6-2
0.6.5.7-1
0.6.5.7-2~bpo8+1
0.6.5.7-2
0.6.5.8-1~bpo8+1
0.6.5.8-1
0.6.5.8-2~bpo8+1
0.6.5.8-2
0.6.5.8-3
0.6.5.9-1
0.6.5.9-2~bpo8+1
0.6.5.9-2
0.6.5.9-3
0.6.5.9-4
0.6.5.9-5~bpo8+1
0.6.5.9-5
0.6.5.9-5+sparc64
0.6.5.10-1
0.6.5.11-1~bpo8+1
0.6.5.11-1~bpo9+1
0.6.5.11-1
0.7.3-1
0.7.3-2
0.7.3-3~bpo8+1
0.7.3-3~bpo9+1
0.7.3-3
0.7.4-1~bpo8+1
0.7.4-1~bpo9+1
0.7.4-1
0.7.5-1~bpo9+1
0.7.5-1
0.7.6-1~bpo8+1
0.7.6-1~bpo9+1
0.7.6-1
0.7.9-0.1
0.7.9-1
0.7.9-2
0.7.9-3~bpo8+1
0.7.9-3~bpo9+1
0.7.9-3
0.7.11-1~bpo8+1
0.7.11-1~bpo9+1
0.7.11-1
0.7.11-2
0.7.11-3
0.7.12-1~bpo9+1
0.7.12-1
0.7.12-2
0.7.12-3
0.7.12-4
0.7.12-5
0.7.13-1~bpo9+1
0.7.13-1~bpo10+1
0.7.13-1
0.8.0~rc3-1
0.8.0~rc4-1
0.8.0-1
0.8.0-2
0.8.1-1
0.8.1-2
0.8.1-3
0.8.1-4~bpo10+1
0.8.1-4
0.8.2-1
0.8.2-2~bpo10+1
0.8.2-2
0.8.2-3~bpo10+1
0.8.2-3
0.8.2-4
0.8.2-5
0.8.3-1~bpo10+1
0.8.3-1
0.8.3-2
0.8.4-1~bpo10+1
0.8.4-1
0.8.4-2~bpo10+1
0.8.4-2
0.8.5-1
0.8.5-2~bpo10+1
0.8.5-2
0.8.5-3~bpo10+1
0.8.5-3
0.8.6-1~bpo10+1
0.8.6-1
2.*
2.0.0-1~exp1
2.0.1-1~exp1
2.0.1-1
2.0.1-2
2.0.1-3
2.0.2-1~bpo10+1
2.0.2-1
2.0.3-1~bpo10+1
2.0.3-1
2.0.3-2
2.0.3-3
2.0.3-4
2.0.3-5
2.0.3-6
2.0.3-7
2.0.3-8~bpo10+1
2.0.3-8
2.0.3-9~bpo10+1
2.0.3-9
2.0.6-1~bpo10+1
2.0.6-1~bpo11+1
2.0.6-1
2.0.6-2
2.0.7-1~bpo10+1
2.1.1-1
2.1.1-2
2.1.1-3
2.1.2-1~bpo11+1
2.1.2-1
2.1.4-1~bpo11+1
2.1.4-1
2.1.5-1~bpo11+1
2.1.5-1
2.1.6-1
2.1.6-2
2.1.6-3~bpo11+1
2.1.6-3
2.1.7-1~bpo11+1
2.1.7-1
2.1.7-2
2.1.8-1
2.1.9-1~bpo11+1
2.1.9-1
2.1.9-2
2.1.9-3~bpo11+1
2.1.9-3
2.1.9-4
2.1.11-1~bpo11+1
2.1.11-1
2.1.11-1+deb12u1
2.1.12-1
2.1.12-2~bpo12+1
2.1.12-2
2.1.13-1~bpo11+1
2.1.13-1~bpo12+1
2.1.13-1
2.1.13-2~bpo11+1
2.1.13-2~bpo12+1
2.1.13-2
2.1.14-1~bpo11+1
2.1.14-1~bpo12+1
2.1.14-1
2.2.0-1~exp1
2.2.1-1~exp1
2.2.1-1~exp2
2.2.2-1~exp1
2.2.2-1
2.2.2-2
2.2.2-3~bpo12+1
2.2.2-3
2.2.2-4~bpo12+1
2.2.2-4
2.2.2-5~exp1
2.2.2-5~exp2
2.2.2-5~exp3
2.2.3-1~bpo12+1
2.2.3-1
2.2.3-2~bpo12+1
2.2.3-2
2.2.4-1~bpo12+1
2.2.4-1
2.2.4-2
2.2.5-1~bpo12+1
2.2.5-1
2.2.6-1~bpo12+1
2.2.6-1~bpo12+2
2.2.6-1~bpo12+3
2.2.6-1
2.2.6-2
Debian:13 / zfs-linux
Package
- Name
- zfs-linux
- Purl
- pkg:deb/debian/zfs-linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.14-1
Affected versions
0.*
0.6.5.5-1
0.6.5.6-1
0.6.5.6-2
0.6.5.7-1
0.6.5.7-2~bpo8+1
0.6.5.7-2
0.6.5.8-1~bpo8+1
0.6.5.8-1
0.6.5.8-2~bpo8+1
0.6.5.8-2
0.6.5.8-3
0.6.5.9-1
0.6.5.9-2~bpo8+1
0.6.5.9-2
0.6.5.9-3
0.6.5.9-4
0.6.5.9-5~bpo8+1
0.6.5.9-5
0.6.5.9-5+sparc64
0.6.5.10-1
0.6.5.11-1~bpo8+1
0.6.5.11-1~bpo9+1
0.6.5.11-1
0.7.3-1
0.7.3-2
0.7.3-3~bpo8+1
0.7.3-3~bpo9+1
0.7.3-3
0.7.4-1~bpo8+1
0.7.4-1~bpo9+1
0.7.4-1
0.7.5-1~bpo9+1
0.7.5-1
0.7.6-1~bpo8+1
0.7.6-1~bpo9+1
0.7.6-1
0.7.9-0.1
0.7.9-1
0.7.9-2
0.7.9-3~bpo8+1
0.7.9-3~bpo9+1
0.7.9-3
0.7.11-1~bpo8+1
0.7.11-1~bpo9+1
0.7.11-1
0.7.11-2
0.7.11-3
0.7.12-1~bpo9+1
0.7.12-1
0.7.12-2
0.7.12-3
0.7.12-4
0.7.12-5
0.7.13-1~bpo9+1
0.7.13-1~bpo10+1
0.7.13-1
0.8.0~rc3-1
0.8.0~rc4-1
0.8.0-1
0.8.0-2
0.8.1-1
0.8.1-2
0.8.1-3
0.8.1-4~bpo10+1
0.8.1-4
0.8.2-1
0.8.2-2~bpo10+1
0.8.2-2
0.8.2-3~bpo10+1
0.8.2-3
0.8.2-4
0.8.2-5
0.8.3-1~bpo10+1
0.8.3-1
0.8.3-2
0.8.4-1~bpo10+1
0.8.4-1
0.8.4-2~bpo10+1
0.8.4-2
0.8.5-1
0.8.5-2~bpo10+1
0.8.5-2
0.8.5-3~bpo10+1
0.8.5-3
0.8.6-1~bpo10+1
0.8.6-1
2.*
2.0.0-1~exp1
2.0.1-1~exp1
2.0.1-1
2.0.1-2
2.0.1-3
2.0.2-1~bpo10+1
2.0.2-1
2.0.3-1~bpo10+1
2.0.3-1
2.0.3-2
2.0.3-3
2.0.3-4
2.0.3-5
2.0.3-6
2.0.3-7
2.0.3-8~bpo10+1
2.0.3-8
2.0.3-9~bpo10+1
2.0.3-9
2.0.6-1~bpo10+1
2.0.6-1~bpo11+1
2.0.6-1
2.0.6-2
2.0.7-1~bpo10+1
2.1.1-1
2.1.1-2
2.1.1-3
2.1.2-1~bpo11+1
2.1.2-1
2.1.4-1~bpo11+1
2.1.4-1
2.1.5-1~bpo11+1
2.1.5-1
2.1.6-1
2.1.6-2
2.1.6-3~bpo11+1
2.1.6-3
2.1.7-1~bpo11+1
2.1.7-1
2.1.7-2
2.1.8-1
2.1.9-1~bpo11+1
2.1.9-1
2.1.9-2
2.1.9-3~bpo11+1
2.1.9-3
2.1.9-4
2.1.11-1~bpo11+1
2.1.11-1
2.1.12-1
2.1.12-2~bpo12+1
2.1.12-2
2.1.13-1~bpo11+1
2.1.13-1~bpo12+1
2.1.13-1
2.1.13-2~bpo11+1
2.1.13-2~bpo12+1
2.1.13-2
2.1.14-1~bpo11+1
2.1.14-1~bpo12+1
Git / github.com/openzfs/zfs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openzfs/zfs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
Affected versions
zfs-0.*
zfs-0.5.1
zfs-0.5.2
zfs-0.6.0-rc1
zfs-0.6.0-rc10
zfs-0.6.0-rc11
zfs-0.6.0-rc12
zfs-0.6.0-rc13
zfs-0.6.0-rc14
zfs-0.6.0-rc2
zfs-0.6.0-rc3
zfs-0.6.0-rc4
zfs-0.6.0-rc5
zfs-0.6.0-rc6
zfs-0.6.0-rc7
zfs-0.6.0-rc8
zfs-0.6.0-rc9
zfs-0.6.1
zfs-0.6.2
zfs-0.6.3
zfs-0.6.4
zfs-0.6.5
zfs-0.7.0
zfs-0.7.0-rc1
zfs-0.7.0-rc2
zfs-0.7.0-rc3
zfs-0.7.0-rc4
zfs-0.7.0-rc5
zfs-0.8.0
zfs-0.8.0-rc1
zfs-0.8.0-rc2
zfs-0.8.0-rc3
zfs-0.8.0-rc4
zfs-0.8.0-rc5
zfs-2.*
zfs-2.0.0-rc1
zfs-2.1.0
zfs-2.1.0-rc1
zfs-2.1.0-rc2
zfs-2.1.0-rc3
zfs-2.1.0-rc4
zfs-2.1.0-rc5
zfs-2.1.0-rc6
zfs-2.1.0-rc7
zfs-2.1.0-rc8
zfs-2.1.1
zfs-2.1.10
zfs-2.1.11
zfs-2.1.12
zfs-2.1.13
zfs-2.1.2
zfs-2.1.3
zfs-2.1.4
zfs-2.1.5
zfs-2.1.6
zfs-2.1.7
zfs-2.1.8
zfs-2.1.9
zfs-2.1.99
zfs-2.2.0
zfs-2.2.0-rc1
zfs-2.2.0-rc2
zfs-2.2.0-rc3
zfs-2.2.0-rc4
zfs-2.2.0-rc5