Vulnerability CVE-2022-40284: Information

Description

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: Nov. 7, 2022
Modified: Nov. 7, 2023
Error type identifier: CWE-120

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
ntfs-3gsisyphus2021.8.22-alt22022.10.3-alt1ALT-PU-2022-3191-1309667Fixed
ntfs-3gsisyphus_e2k2021.8.22-alt22022.10.3-alt1ALT-PU-2022-7199-1-Fixed
ntfs-3gsisyphus_mipsel2021.8.22-alt22022.10.3-alt1ALT-PU-2022-7179-1-Fixed
ntfs-3gsisyphus_riscv642021.8.22-alt22022.10.3-alt1ALT-PU-2022-7182-1-Fixed
ntfs-3gp102021.8.22-alt22021.8.22-alt2ALT-PU-2022-3230-1310495Fixed
ntfs-3gp10_e2k2021.8.22-alt22021.8.22-alt2ALT-PU-2022-7251-1-Fixed
ntfs-3gp92021.8.22-alt22021.8.22-alt2ALT-PU-2023-1655-1318846Fixed
ntfs-3gc10f12021.8.22-alt22021.8.22-alt2ALT-PU-2022-3230-1310495Fixed
ntfs-3gc9f22021.8.22-alt22021.8.22-alt2ALT-PU-2022-3208-1310494Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*
      End excliding
      2022.10.3

      Configuration 2

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*