A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
References
Configurations
History
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-11-06 23:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-40284
Mitre link : CVE-2022-40284
CVE.ORG link : CVE-2022-40284
JSON object : View
Products Affected
debian
- debian_linux
tuxera
- ntfs-3g
fedoraproject
- fedora
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')