Vulnerability CVE-2022-30787: Information

Description

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

Severity: MEDIUM (6.7)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (4.6)
Vector: CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
URL: https://nvd.nist.gov/vuln/detail/CVE-2022-30787
Published: May 26, 2022
Modified: Nov. 21, 2024
Error type identifier: CWE-191

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
ntfs-3gsisyphus2021.8.22-alt22022.10.3-alt1ALT-PU-2022-3191-1309667Fixed
ntfs-3gsisyphus_e2k2021.8.22-alt22022.10.3-alt1ALT-PU-2022-7199-1-Fixed
ntfs-3gsisyphus_riscv642021.8.22-alt22022.10.3-alt1ALT-PU-2022-7182-1-Fixed
ntfs-3gp102021.8.22-alt22021.8.22-alt2ALT-PU-2022-3230-1310495Fixed
ntfs-3gp10_e2k2021.8.22-alt22021.8.22-alt2ALT-PU-2022-7251-1-Fixed
ntfs-3gp92021.8.22-alt22021.8.22-alt2ALT-PU-2023-1655-1318846Fixed
ntfs-3gc10f22021.8.22-alt22021.8.22-alt2ALT-PU-2022-3230-1310495Fixed
ntfs-3gc9f22021.8.22-alt22021.8.22-alt2ALT-PU-2022-3208-1310494Fixed
ntfs-3gp112021.8.22-alt22022.10.3-alt1ALT-PU-2022-3191-1309667Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.openwall.com/lists/oss-security/2022/06/07/4
  • Mailing List
  • Third Party Advisory
https://github.com/tuxera/ntfs-3g/releases
  • Release Notes
  • Third Party Advisory
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z/
    https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F/
      https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I/
        https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7/
          https://security.gentoo.org/glsa/202301-01
          • Third Party Advisory
          https://www.debian.org/security/2022/dsa-5160
          • Third Party Advisory
          BDU:2022-03924
              1. cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*
                End including
                2021.8.22
                cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
                cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
                cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
                cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
                cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
            Version: v25.10.0
            Back to top