AVG-2749 log

Package	ntfs-3g
Status	Fixed
Severity	Unknown
Type	unknown
Affected	2021.8.22-1
Fixed	2022.5.17-1
Current	2022.10.3-1 [extra]
Ticket	None
Created	Mon Jun 6 18:09:09 2022

Issue	Severity	Remote	Type	Description
CVE-2022-30789	Unknown	Unknown	Unknown	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788	Unknown	Unknown	Unknown	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30786	Unknown	Unknown	Unknown	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784	Unknown	Unknown	Unknown	A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

References
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://www.openwall.com/lists/oss-security/2022/05/26/1

References

https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
https://www.openwall.com/lists/oss-security/2022/05/26/1

Notes
didn't add CVE-2021-46790 (CVSS 9.8) because `ntfsck` is not provided by `ntfs-3g`, although I yet have to check wether it was present in the previous version or removed when it was deprecated TODO: look up wether ntfs-3g is built with the internal libfuse or not as it determines wether the second advisory applies

Notes

didn't add CVE-2021-46790 (CVSS 9.8) because `ntfsck` is not provided by `ntfs-3g`, although I yet have to check wether it was present in the previous version or removed when it was deprecated

TODO: look up wether ntfs-3g is built with the internal libfuse or not as it determines wether the second advisory applies