{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-40284", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T12:14:39.985Z", "dateReserved": "2022-09-08T00:00:00", "datePublished": "2022-11-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/tuxera/ntfs-3g/releases"}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/31/2"}, {"name": "[debian-lts-announce] 20221121 [SECURITY] [DLA 3201-1] ntfs-3g security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00029.html"}, {"name": "FEDORA-2022-4915124227", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IA2D4PYOR7ABI7BWBMMMYKY2OPHTV2NI/"}, {"name": "FEDORA-2022-14f11bfc73", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BOQ7YLFT43KLXEN3EB6CS4DP635RJWP/"}, {"name": "FEDORA-2022-243616c548", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGDKGXA4R2ZVUQ3CT4D4YGTFMNZQA7HW/"}, {"name": "GLSA-202301-01", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202301-01"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:14:39.985Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/tuxera/ntfs-3g/releases", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/31/2", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221121 [SECURITY] [DLA 3201-1] ntfs-3g security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00029.html"}, {"name": "FEDORA-2022-4915124227", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IA2D4PYOR7ABI7BWBMMMYKY2OPHTV2NI/"}, {"name": "FEDORA-2022-14f11bfc73", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BOQ7YLFT43KLXEN3EB6CS4DP635RJWP/"}, {"name": "FEDORA-2022-243616c548", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGDKGXA4R2ZVUQ3CT4D4YGTFMNZQA7HW/"}, {"name": "GLSA-202301-01", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202301-01"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D7B236-A478-49BA-B2EF-2C40458EDB45", "versionEndExcluding": "2022.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device."}, {"lang": "es", "value": "Se descubri\u00f3 un desbordamiento del b\u00fafer en NTFS-3G antes de 2022.10.3. Los metadatos elaborados en una imagen NTFS pueden provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante local puede aprovechar esto si el binario ntfs-3g es setuid root. Un atacante f\u00edsicamente cercano puede aprovechar esto si el software NTFS-3G est\u00e1 configurado para ejecutarse al conectar un dispositivo de almacenamiento externo."}], "id": "CVE-2022-40284", "lastModified": "2023-11-07T03:52:15.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-06T23:15:09.463", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/31/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/tuxera/ntfs-3g/releases"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00029.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BOQ7YLFT43KLXEN3EB6CS4DP635RJWP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IA2D4PYOR7ABI7BWBMMMYKY2OPHTV2NI/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGDKGXA4R2ZVUQ3CT4D4YGTFMNZQA7HW/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202301-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:5405", "cpe": "cpe:/a:redhat:advanced_virtualization:8.4::el8", "package": "virt:av-8040020230901100845.522a0ee4", "product_name": "Advanced Virtualization for RHEL 8.4.0.EUS", "release_date": "2023-09-28T00:00:00Z"}, {"advisory": "RHSA-2023:5405", "cpe": "cpe:/a:redhat:advanced_virtualization:8.4::el8", "package": "virt-devel:av-8040020230901100845.522a0ee4", "product_name": "Advanced Virtualization for RHEL 8.4.0.EUS", "release_date": "2023-09-28T00:00:00Z"}, {"advisory": "RHSA-2023:5264", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt-devel:rhel-8080020230901075317.63b34585", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-09-19T00:00:00Z"}, {"advisory": "RHSA-2023:5264", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8080020230901075317.63b34585", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-09-19T00:00:00Z"}, {"advisory": "RHSA-2023:5239", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "virt:rhel-8010020230902123217.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-09-19T00:00:00Z"}, {"advisory": "RHSA-2023:5587", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "virt:rhel-8020020230902114249.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-10-10T00:00:00Z"}, {"advisory": "RHSA-2023:5587", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "virt:rhel-8020020230902114249.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-10-10T00:00:00Z"}, {"advisory": "RHSA-2023:5587", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "virt:rhel-8020020230902114249.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-10-10T00:00:00Z"}, {"advisory": "RHSA-2023:5796", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "virt:rhel-8040020230902084954.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-10-17T00:00:00Z"}, {"advisory": "RHSA-2023:5796", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "virt:rhel-8040020230902084954.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-10-17T00:00:00Z"}, {"advisory": "RHSA-2023:5796", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "virt:rhel-8040020230902084954.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-10-17T00:00:00Z"}, {"advisory": "RHSA-2024:0404", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "virt-devel:rhel-8060020231128234847.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0404", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "virt:rhel-8060020231128234847.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:6167", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libguestfs-winsupport-0:9.2-2.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-30T00:00:00Z"}, {"advisory": "RHSA-2023:6168", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "libguestfs-winsupport-0:9.0-2.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-30T00:00:00Z"}], "bugzilla": {"description": "NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image", "id": "2236130", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236130"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-119->CWE-120", "details": ["A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.", "A buffer overflow flaw was found in NTFS-3G. This issue occurs via a crafted metadata in an NTFS image that can cause code execution. A local attacker can exploit this issue if the NTFS-3G binary is setuid root. A physically proximate attacker can exploit this issue if the NTFS-3G software is configured to execute upon attachment of an external storage device.\nAlso this vulnerability may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local access and the ntfs-3g binary is setuid root, or if the attacker has physical access to an external port to a computer which is configured to run the ntfs-3g binary or one of the ntfsprogs tools when the external storage is plugged into the computer. This vulnerability results from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflow, which could be exploited by an attacker."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-40284", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libguestfs-winsupport", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:av/libguestfs-winsupport", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt-devel:av/libguestfs-winsupport", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}], "public_date": "2022-10-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-40284\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40284\nhttps://www.openwall.com/lists/oss-security/2022/10/31/2"], "statement": "This flaw has a lower impact on Red Hat Enterprise Linux because the ntfs-3g tool is run in a supermin appliance, which is similar to a virtual machine instantiated on the fly, and it does not have the SUID bit set. Thus an attacker is very limited on what he can do to the vulnerable system.", "threat_severity": "Low"}