1.13.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

f2fs-tools-project

CWE-754

NVD

Published: 2020-10-15

Updated: 2022-05-12

Summary

An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	F2Fs-Tools_Project F2Fs Tools Project F2Fs Tools 1.12.0 F2Fs Tools Project F2Fs Tools 1.13.0	2

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
https://security.gentoo.org/glsa/202101-26