CVE-2022-30787 - Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/06/07/4
- https://github.com/tuxera/ntfs-3g/releases
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
- https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7/
- https://security.gentoo.org/glsa/202301-01
- https://www.debian.org/security/2022/dsa-5160