1.13.0

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

f2fs-tools-project

CWE-754

NVD

Published: 2020-10-15

Updated: 2024-11-21

Summary

An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	F2Fs-Tools_Project F2Fs Tools Project F2Fs Tools 1.12.0 F2Fs Tools Project F2Fs Tools 1.13.0	2

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://security.gentoo.org/glsa/202101-26
https://security.gentoo.org/glsa/202101-26
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049