QID 356566
Date Published: 2023-11-09
QID 356566: Amazon Linux Security Advisory for libguestfs-winsupport : ALAS2-2023-2332
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between ntfs-3g and the kernel in ntfs-3g through 2021.8.22 when using libfuse-lite. (
( CVE-2022-30783) a crafted ntfs image can cause heap exhaustion in ntfs_get_attribute_value in ntfs-3g through 2021.8.22. (
( CVE-2022-30784) a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in ntfs-3g through 2021.8.22 when using libfuse-lite. (
( CVE-2022-30785) a crafted ntfs image can cause a heap-based buffer overflow in ntfs_names_full_collate in ntfs-3g through 2021.8.22. (
( CVE-2022-30786) an integer underflow in fuse_lib_readdir enables arbitrary memory read operations in ntfs-3g through 2021.8.22 when using libfuse-lite. (
( CVE-2022-30787) a crafted ntfs image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in ntfs-3g through 2021.8.22. (
( CVE-2022-30788) a crafted ntfs image can cause a heap-based buffer overflow in ntfs_check_log_client_array in ntfs-3g through 2021.8.22. (
( CVE-2022-30789)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2-2023-2332 -
alas.aws.amazon.com/AL2/ALAS-2023-2332.html
CVEs related to QID 356566
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2023-2332 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALAS-2023-2332.html |