[Epel-packagers-sig] [Bug 2093305] New: CVE-2022-30783 ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic

3 Jun 2022


      https://bugzilla.redhat.com/show_bug.cgi?id=2093305
Bug ID: 2093305
           Summary: CVE-2022-30783 ntfs-3g: invalid return code in
                    fuse_kern_mount enables intercepting of libfuse-lite
                    protocol traffic
           Product: Security Response
          Hardware: All
                OS: Linux
            Status: NEW
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@redhat.com
          Reporter: gsuckevi@redhat.com
                CC: ddepaula@redhat.com,
                    epel-packagers-sig@lists.fedoraproject.org,
                    jferlan@redhat.com, kparal@redhat.com,
                    ngompa13@gmail.com, rjones@redhat.com,
                    spotrh@gmail.com, virt-maint@redhat.com
  Target Milestone: ---
    Classification: Other
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite
protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22
when using libfuse-lite.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
https://github.com/tuxera/ntfs-3g/releases
-- 
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093305

2025

2024

2023

2022

2021

[Epel-packagers-sig] [Bug 2093305] New: CVE-2022-30783 ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic