CVE-2020-6107

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions F2fs-Tools F2fs.Fsck version 1.13

Description An exploitable information disclosure issue exists in the dev read functionality. A specially crafted f2fs filesystem can cause an uninitialized read, resulting in information disclosure. An attacker can trigger this issue by providing a malicious file.

Recommendations For F2fs-Tools F2fs.Fsck version 1.13, consider disabling the dev read functionality as a temporary workaround until a patch is available. Restrict access to the f2fs filesystem to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Out of bounds Read

Improper Check for Exceptional Conditions

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-754CWE-200CWE-253

Related Identifiers

ALT-PU-2020-2693

ALT-PU-2024-13883

BDU:2021-06201

CVE-2020-6107

Affected Products

Alt Linux

F2Fs-Tools

CVE-2020-6107

Weakness Enumeration

Related Identifiers

Affected Products

References · 16