https://bugzilla.redhat.com/show_bug.cgi?id=2093333
Bug ID: 2093333 Summary: CVE-2022-30787 ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: gsuckevi@redhat.com CC: ddepaula@redhat.com, epel-packagers-sig@lists.fedoraproject.org, jferlan@redhat.com, kparal@redhat.com, ngompa13@gmail.com, rjones@redhat.com, spotrh@gmail.com, virt-maint@redhat.com Target Milestone: --- Classification: Other
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://github.com/tuxera/ntfs-3g/releases
https://bugzilla.redhat.com/show_bug.cgi?id=2093333
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |2093337, 2093338, 2093335, | |2093336, 2093334
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2093334 [Bug 2093334] CVE-2022-30787 ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093335 [Bug 2093335] CVE-2022-30787 ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093336 [Bug 2093336] CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093337 [Bug 2093337] CVE-2022-30787 ntfs2btrfs: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093338 [Bug 2093338] CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093333
--- Comment #1 from Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- Created ntfs-3g tracking bugs for this issue:
Affects: epel-all [bug 2093335] Affects: fedora-all [bug 2093334]
Created ntfs-3g-system-compression tracking bugs for this issue:
Affects: epel-all [bug 2093336] Affects: fedora-all [bug 2093338]
Created ntfs2btrfs tracking bugs for this issue:
Affects: fedora-all [bug 2093337]
https://bugzilla.redhat.com/show_bug.cgi?id=2093333
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2093356
https://bugzilla.redhat.com/show_bug.cgi?id=2093333 Bug 2093333 depends on bug 2093334, which changed state.
Bug 2093334 Summary: CVE-2022-30787 ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093334
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2093333 Bug 2093333 depends on bug 2093338, which changed state.
Bug 2093338 Summary: CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093338
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2093333 Bug 2093333 depends on bug 2093335, which changed state.
Bug 2093335 Summary: CVE-2022-30787 ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093335
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2093333
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |ntfs-3g 2022.5.17
https://bugzilla.redhat.com/show_bug.cgi?id=2093333
--- Doc Text *updated* by Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- A vulnerability was found in NTFS-3G. An integer underflow in fuse_lib_readdir allows out-of-bounds read operations.
epel-packagers-sig@lists.stg.fedoraproject.org