CVE-2024-6759

Name of the Vulnerable Software and Affected Versions FreeBSD (affected versions not specified)

Description The issue is related to the readdir(3) function in the FreeBSD operating system, specifically when mounting a remote filesystem using NFS. The kernel does not properly sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components, leading to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.