CVE-2022-40284

Published: 06/11/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A buffer overflow exists in NTFS-3G prior to 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

Vulnerable Product

tuxera ntfs-3g

debian debian linux 10.0

fedoraproject fedora 35

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Synopsis: Important: virt:rhel security update. Type/Severity: Security Advisory: Important. Topic: An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, ...

Synopsis: Important: virt:rhel security update. Type/Severity: Security Advisory: Important. Topic: An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterpris ...

Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE, due to incorrect validation of some of the NTFS metadata. A local user can take advantage of this flaw for local root privilege escalation. For the stable distribution (bullseye), this problem has been fixed in version 1:2017.3.23AR.3-4+deb11u3 ...