QwikSec

Security Database

CVE

CWE

Training

CVE-2022-40284

Published: Nov 6, 2022

Modified: May 2, 2025

PUBLISHED

Description

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/tuxera/ntfs-3g/releases

http://www.openwall.com/lists/oss-security/2022/10/31/2

[debian-lts-announce] 20221121 [SECURITY] [DLA 3201-1] ntfs-3g security update

mailing-list

FEDORA-2022-4915124227

vendor-advisory

FEDORA-2022-14f11bfc73

vendor-advisory

FEDORA-2022-243616c548

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.