CVE-2023-52890Ntfs-3g vulnerability

6 documents6 sources
Severity
4.5MEDIUMNVD
EPSS
0.1%
top 77.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tuxera Ntfs-3g
Timeline
PublishedJun 13

Description

NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.0 | Impact: 3.4

Affected Packages1 packages

Debiantuxera/ntfs-3g< 1:2017.3.23AR.3-4+deb11u4+3

🔴Vulnerability Details

3
OSV
CVE-2023-52890: NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr2024-06-13
GHSA
GHSA-m8g6-3qqh-77pv: NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr2024-06-13
CVEList
CVE-2023-52890: NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr2024-06-13

📋Vendor Advisories

2
Microsoft
NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.2024-06-11
Debian
CVE-2023-52890: ntfs-3g - NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/...2023
CVE-2023-52890 — Tuxera Ntfs-3g vulnerability | cvebase