CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40284 – NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image
https://notcve.org/view.php?id=CVE-2022-40284
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. Se descubrió un desbordamiento del búfer en NTFS-3G antes de 2022.10.3. • http://www.openwall.com/lists/oss-security/2022/10/31/2 https://github.com/tuxera/ntfs-3g/releases https://lists.debian.org/debian-lts-announce/2022/11/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BOQ7YLFT43KLXEN3EB6CS4DP635RJWP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IA2D4PYOR7ABI7BWBMMMYKY2OPHTV2NI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGDKGXA4R2ZVUQ3CT4D4Y • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30783
https://notcve.org/view.php?id=CVE-2022-30783
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. Un código de retorno no válido en fuse_kern_mount permite interceptar el tráfico del protocolo libfuse-lite entre NTFS-3G y el kernel en NTFS-3G versiones hasta 2021.8.22 cuando es usado libfuse-lite • http://www.openwall.com/lists/oss-security/2022/06/07/4 https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraprojec • CWE-252: Unchecked Return Value •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30785
https://notcve.org/view.php?id=CVE-2022-30785
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Un manejador de archivos creado en fuse_lib_opendir, y posteriormente usado en fuse_lib_readdir, permite realizar operaciones de lectura y escritura en memoria arbitrarias en NTFS-3G versiones hasta 2021.8.22 cuando es usado libfuse-lite • http://www.openwall.com/lists/oss-security/2022/06/07/4 https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraprojec •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30787
https://notcve.org/view.php?id=CVE-2022-30787
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Un desbordamiento de enteros en fuse_lib_readdir permite realizar operaciones de lectura de memoria arbitrarias en NTFS-3G versiones hasta 2021.8.22 cuando se usa libfuse-lite • http://www.openwall.com/lists/oss-security/2022/06/07/4 https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraprojec • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30784 – ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value
https://notcve.org/view.php?id=CVE-2022-30784
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar el agotamiento de la pila en ntfs_get_attribute_value en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap exhaustion when processing a crafted NTFS image file or partition. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •