A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
References
Configurations
History
23 Dec 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Dec 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Nov 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Nov 2022, 17:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/tuxera/ntfs-3g/releases - Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2022/10/31/2 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-120 | |
CPE | cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:* |
07 Nov 2022, 01:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-06 23:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-40284
Mitre link : CVE-2022-40284
CVE.ORG link : CVE-2022-40284
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
tuxera
- ntfs-3g
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')