Your submission was sent successfully! Close

CVE-2022-30783

Published: 26 May 2022

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.

Priority

Medium

CVSS 3 base score: 6.7

Status

Package Release Status
ntfs-3g
Launchpad, Ubuntu, Debian
bionic
Released (1:2017.3.23-2ubuntu0.18.04.4)
focal
Released (1:2017.3.23AR.3-3ubuntu1.2)
impish
Released (1:2017.3.23AR.3-3ubuntu5.1)
jammy
Released (1:2021.8.22-3ubuntu1.1)
trusty Needs triage

upstream
Released (1:2022.5.17-1)
xenial Needs triage

Patches:
upstream: https://github.com/tuxera/ntfs-3g/commit/7f81935f32e58e8fec22bc46683b1b067469405f