CVE-2022-30783

MEDIUM

NTFS-3G <2021.8.22 - Info Disclosure

Title source: llm

Description

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.

References (10)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/06/07/4

[Release Notes, Third Party Advisory] https://github.com/tuxera/ntfs-3g/releases

[Third Party Advisory] https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html

[Third Party Advisory] https://security.gentoo.org/glsa/202301-01

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5160

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7/

Scores

CVSS v3 6.7

EPSS 0.0002

EPSS Percentile 6.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-252

Status published

Affected Products (6)

tuxera/ntfs-3g < 2021.8.22

fedoraproject/fedora

debian/debian_linux

Timeline

Published May 26, 2022

Tracked Since Feb 18, 2026