CVE-2022-30783

Public on 2022-05-26
Modified on 2024-01-12
Description
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core libguestfs-winsupport 2023-10-30 ALAS2-2023-2332 Fixed
Amazon Linux 2023 ntfs-3g-2021.8.22-2.amzn2022 Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD CVSSv2 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv3 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H