{"url":"http://public2.vulnerablecode.io/api/packages/137161?format=json","purl":"pkg:deb/debian/zfs-linux@2.1.14-1?distro=trixie","type":"deb","namespace":"debian","name":"zfs-linux","version":"2.1.14-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.2.2-1","latest_non_vulnerable_version":"2.4.2-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107172?format=json","vulnerability_id":"VCID-vptn-8duy-eqgs","summary":"OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.","references":[{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056752","reference_id":"1056752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056752"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137154?format=json","purl":"pkg:deb/debian/zfs-linux@2.0.3-9%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.0.3-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/137155?format=json","purl":"pkg:deb/debian/zfs-linux@2.0.3-9%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.0.3-9%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/137153?format=json","purl":"pkg:deb/debian/zfs-linux@2.1.11-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.1.11-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/137161?format=json","purl":"pkg:deb/debian/zfs-linux@2.1.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.1.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/137159?format=json","purl":"pkg:deb/debian/zfs-linux@2.3.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.3.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/137156?format=json","purl":"pkg:deb/debian/zfs-linux@2.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.4.2-2%3Fdistro=trixie"}],"aliases":["CVE-2023-49298"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vptn-8duy-eqgs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.1.14-1%3Fdistro=trixie"}