CVE-2020-6104

Name of the Vulnerable Software and Affected Versions F2fs-Tools F2fs.Fsck version 1.13

Description An exploitable information disclosure issue exists in the get dnode of data functionality. A specially crafted f2fs filesystem can cause information disclosure. An attacker can provide a malicious file to trigger this issue, potentially allowing access to confidential information through a buffer overflow error, which is essentially a memory access violation that occurs when the program tries to access a memory location outside the boundaries of the buffer, leading to unauthorized data disclosure.

Recommendations For F2fs-Tools F2fs.Fsck version 1.13, consider restricting access to the get dnode of data functionality until a patch is available. As a temporary workaround, avoid using specially crafted f2fs filesystems that could trigger the information disclosure issue. At the moment, there is no information about a newer version that contains a fix for this issue.