CVE-2022-30783 — Unchecked Return Value in Ntfs-3g
Severity
6.7MEDIUMNVD
OSV7.8
EPSS
0.0%
top 93.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 26
Latest updateAug 2
Description
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages3 packages
Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 35, 36
🔴Vulnerability Details
5GHSA▶
GHSA-rjmv-pj96-38ph: An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021↗2022-05-27
OSV▶
CVE-2022-30783: An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021↗2022-05-26
CVEList▶
CVE-2022-30783: An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021↗2022-05-26
📋Vendor Advisories
5Red Hat▶
ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic↗2022-05-26
Microsoft▶
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.↗2022-05-10
Debian▶
CVE-2022-30783: ntfs-3g - An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite p...↗2022