MGASA-2022-0385

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0385.html

Import Source

https://advisories.mageia.org/MGASA-2022-0385.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2022-0385

Related

Published

2022-10-23T22:48:35Z

Modified

2022-10-23T21:53:42Z

Summary

Updated ntfs-3g packages fix security vulnerability

Details

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. (CVE-2021-46790)

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. (CVE-2022-30783)

A crafted NTFS image can cause heap exhaustion in ntfsgetattribute_value in NTFS-3G through 2021.8.22. (CVE-2022-30784)

A file handle created in fuselibopendir, and later used in fuselibreaddir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. (CVE-2022-30785)

A crafted NTFS image can cause a heap-based buffer overflow in ntfsnamesfull_collate in NTFS-3G through 2021.8.22. (CVE-2022-30786)

An integer underflow in fuselibreaddir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. (CVE-2022-30787)

A crafted NTFS image can cause a heap-based buffer overflow in ntfsmftrec_alloc in NTFS-3G through 2021.8.22. (CVE-2022-30788)

A crafted NTFS image can cause a heap-based buffer overflow in ntfschecklogclientarray in NTFS-3G through 2021.8.22. (CVE-2022-30789)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / ntfs-3g

Package

Name: ntfs-3g
Purl: pkg:rpm/mageia/ntfs-3g?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2021.8.22-1.1.mga8

Ecosystem specific

{
    "section": "core"
}