Vulnerability CVE-2022-30784: Information

Description

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (4.6)
Vector: CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
URL: https://nvd.nist.gov/vuln/detail/CVE-2022-30784
Published: May 26, 2022
Modified: Dec. 2, 2025
Error type identifier: CWE-120

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
ntfs-3gsisyphus2021.8.22-alt22022.10.3-alt1ALT-PU-2022-3191-1309667Fixed
ntfs-3gsisyphus_e2k2021.8.22-alt22022.10.3-alt1ALT-PU-2022-7199-1-Fixed
ntfs-3gsisyphus_riscv642021.8.22-alt22022.10.3-alt1ALT-PU-2022-7182-1-Fixed
ntfs-3gp102021.8.22-alt22021.8.22-alt2ALT-PU-2022-3230-1310495Fixed
ntfs-3gp10_e2k2021.8.22-alt22021.8.22-alt2ALT-PU-2022-7251-1-Fixed
ntfs-3gp92021.8.22-alt22021.8.22-alt2ALT-PU-2023-1655-1318846Fixed
ntfs-3gc10f22021.8.22-alt22021.8.22-alt2ALT-PU-2022-3230-1310495Fixed
ntfs-3gc9f22021.8.22-alt22021.8.22-alt2ALT-PU-2022-3208-1310494Fixed
ntfs-3gp112021.8.22-alt22022.10.3-alt1ALT-PU-2022-3191-1309667Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/tuxera/ntfs-3g/releases
  • Release Notes
  • Third Party Advisory
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z/
    https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F/
      https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I/
        https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7/
          https://security.gentoo.org/glsa/202301-01
          • Third Party Advisory
          https://www.debian.org/security/2022/dsa-5160
          • Third Party Advisory
          BDU:2022-03378
              1. cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*
                End including
                2021.8.22
                cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
                cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
                cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
                cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
                cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
            Version: v25.10.0
            Back to top