Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.7
CVSSv3

CVE-2022-30785

Published: 26/05/2022 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Tuxera

Vulnerability Summary

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G up to and including 2021.8.22 when using libfuse-lite.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

tuxera ntfs-3g

fedoraproject fedora 35

fedoraproject fedora 36

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian CVElist Bug Report Logs: ntfs-3g: CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789
Debian Bug report logs - #1011770 ntfs-3g: CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 Package: src:ntfs-3g; Maintainer for src:ntfs-3g is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: T ...
Ubuntu Security Notice: USN-5463-1: NTFS-3G vulnerabilities
Several security issues were fixed in ntfs-3g ...
Ubuntu Security Notice: USN-5463-2: NTFS-3G vulnerabilities
Several security issues were fixed in ntfs-3g ...
Debian Security Advisories: DSA-5160-1 ntfs-3g -- security update
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE A local user can take advantage of these flaws for local root privilege escalation For the oldstable distribution (buster), these problems have been fixed in version 1:2017323AR3-3+deb10u2 For the stable distribution (bullseye), these problems have been fixe ...
Amazon Linux 2: ALAS2-2023-2332
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021822 when using libfuse-lite (CVE-2022-30783) A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021822 (CVE-2022-30784) A file handle created in fuse_ ...
Red Hat:
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021822 when using libfuse-lite ...

References

NVD-CWE-noinfohttps://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58https://github.com/tuxera/ntfs-3g/releaseshttp://www.openwall.com/lists/oss-security/2022/06/07/4https://www.debian.org/security/2022/dsa-5160https://lists.debian.org/debian-lts-announce/2022/06/msg00017.htmlhttps://security.gentoo.org/glsa/202301-01https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011770https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5463-1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook