A buffer overflow exists in NTFS-3G prior to 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tuxera ntfs-3g |
||
debian debian linux 10.0 |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |
||
fedoraproject fedora 37 |