Vulnerabilities > CVE-2022-30783 - Unchecked Return Value vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/06/07/4
- http://www.openwall.com/lists/oss-security/2022/06/07/4
- https://github.com/tuxera/ntfs-3g/releases
- https://github.com/tuxera/ntfs-3g/releases
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
- https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7/
- https://security.gentoo.org/glsa/202301-01
- https://security.gentoo.org/glsa/202301-01
- https://www.debian.org/security/2022/dsa-5160
- https://www.debian.org/security/2022/dsa-5160