CVE-2023-33552

Name of the Vulnerable Software and Affected Versions erofs-utils version 1.6

Description The issue is related to a Heap Buffer Overflow that allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. This can be achieved through the erofs read one data function at data.c or the erofsfsck dirent iter function in fsck/main.c.

Recommendations For erofs-utils version 1.6, consider disabling the erofs read one data function and the erofsfsck dirent iter function until a patch is available. Restrict access to crafted erofs filesystem images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.