Lookup for vulnerable packages by Package URL.
| Purl | pkg:deb/debian/zfs-linux@2.1.14-1?distro=trixie |
| Type | deb |
| Namespace | debian |
| Name | zfs-linux |
| Version | 2.1.14-1 |
| Qualifiers | |
| Subpath | |
| Is_vulnerable | false |
| Next_non_vulnerable_version | 2.2.2-1 |
| Latest_non_vulnerable_version | 2.4.2-2 |
| Affected_by_vulnerabilities | |
| Fixing_vulnerabilities | |
| 0 | |
| url | VCID-vptn-8duy-eqgs |
| vulnerability_id | VCID-vptn-8duy-eqgs |
| summary | OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. |
| references | |
| fixed_packages | |
| aliases | CVE-2023-49298 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-vptn-8duy-eqgs |
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.1.14-1%3Fdistro=trixie |