PT-2022-2831 · Ntfs-3G+10 · Ntfs-3G+10

Published

2022-05-16

·

Updated

2024-04-03

·

CVE-2022-30784

CVSS v2.0

8.3

High

VectorAV:A/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions NTFS-3G versions through 2021.8.22
Description The issue is related to a heap exhaustion vulnerability in the ntfs get attribute value function of the NTFS-3G file system. This vulnerability can be exploited by a remote attacker using a specially crafted NTFS image file, potentially allowing the execution of arbitrary code with elevated privileges.
Recommendations For versions through 2021.8.22, consider updating to a version later than 2021.8.22 to resolve the issue. As a temporary workaround, restrict the use of the ntfs get attribute value function until a patch is available. Avoid using specially crafted NTFS image files that could trigger the heap exhaustion vulnerability.

Fix

RCE

Heap Based Buffer Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-122CWE-120

Related Identifiers

ALSA-2023:2179
ALSA-2023:2757
ALT-PU-2022-3191
ALT-PU-2022-3208
ALT-PU-2022-3230
ALT-PU-2023-1655
ALT-PU-2023-4812
AZL-9847
BDU:2022-03378
CESA-2023_2757
CVE-2022-30784
DLA-3055-1
DSA-5160-1
GHSA-XCHM-PH5H-HW4X
MGASA-2022-0385
OESA-2022-1685
OPENSUSE-SU-2022_2835-1
RHSA-2023:2179
RHSA-2023:2757
RHSA-2023_2179
RHSA-2023_2757
SUSE-SU-2022:2835-1
SUSE-SU-2022:2836-1
USN-5463-1
USN-5463-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Ntfs-3G
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu