Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-40284

Опубликовано: 06 нояб. 2022
Источник: debian
EPSS Низкий

Описание

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ntfs-3gfixed1:2022.10.3-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2022/10/31/2

  • https://github.com/tuxera/ntfs-3g/commit/18bfc676119a1188e8135287b8327b0760ba44a1 (2022.10.3)

  • https://github.com/tuxera/ntfs-3g/commit/76c3a799a97fbcedeeeca57f598be508ae2a1656 (2022.10.3)

EPSS

Процентиль: 7%
0.0003
Низкий

Связанные уязвимости

CVSS3: 7.8
ubuntu
больше 2 лет назад

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

CVSS3: 3.3
redhat
больше 2 лет назад

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

CVSS3: 7.8
nvd
больше 2 лет назад

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

CVSS3: 7.8
msrc
больше 2 лет назад

Описание отсутствует

suse-cvrf
больше 2 лет назад

Security update for ntfs-3g_ntfsprogs

EPSS

Процентиль: 7%
0.0003
Низкий