CVE-2023-52890
published 2024-06-13

CVE-2023-52890: NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.

Priority: P4, 18, medium
CVSS 3.1: 4.5 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS: 0.16% (5.5th percentile)

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ntfs-3g | < ntfs-3g 1:2022.10.3-1+deb12u1 (bookworm) | ntfs-3g 1:2022.10.3-1+deb12u1 (bookworm) |
| msrc | azl3_ntfs-3g_2022.10.3-2_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_ntfs-3g_2022.10.3-2_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| tuxera | ntfs-3g | >= 0 < 1:2017.3.23AR.3-4+deb11u4 | 1:2017.3.23AR.3-4+deb11u4 |
| tuxera | ntfs-3g | >= 0 < 1:2022.10.3-1+deb12u1 | 1:2022.10.3-1+deb12u1 |
| tuxera | ntfs-3g | >= 0 < 1:2022.10.3-3 | 1:2022.10.3-3 |
| tuxera | ntfs-3g | >= 0 < 1:2022.10.3-3 | 1:2022.10.3-3 |

CVSS provenance

nvd: v3.1, 4.5 MEDIUM, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
osv: 4.5 MEDIUM
vendor_debian: 4.5 MEDIUM
vendor_msrc: 4.5 MEDIUM