CVE-2023-52890

CVSS v3.1

4.5

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions NTFS-3G versions before 75dcdc2

Description The issue is related to a use-after-free error in the ntfs uppercase mbs function in libntfs-3g/unistr.c. This could potentially allow an attacker to cause a crash. However, discussions suggest that exploiting this issue would be challenging.

Recommendations For NTFS-3G versions before 75dcdc2, update to a version after 75dcdc2 to resolve the issue. As a temporary workaround, consider restricting access to the ntfs uppercase mbs function until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

AZL-42652

AZL-42667

BDU:2024-11076

CVE-2023-52890

MGASA-2024-0284

OESA-2024-1739

OPENSUSE-SU-2024:14046-1

OPENSUSE-SU-2024_2187-1

SUSE-SU-2024:2074-1

SUSE-SU-2024:2187-1

SUSE-SU-2024_2074-1

SUSE-SU-2024_2187-1

USN-8192-1

Affected Products

Astra Linux

Linuxmint

Ntfs-3G

Red Os

Suse

Ubuntu

CVE-2023-52890

Weakness Enumeration

Related Identifiers

Affected Products

References · 35