CVE-2023-52890

EUVD-2023-59645
NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.5 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Debian logo
Debian Releases
Debian Product
Codename
ntfs-3g
bookworm
1:2022.10.3-1+deb12u2
fixed
bullseye
1:2017.3.23AR.3-4+deb11u4
fixed
bullseye (security)
vulnerable
buster
postponed
sid
1:2022.10.3-5
fixed
trixie
1:2022.10.3-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntfs-3g
bionic
needed
focal
needed
jammy
needed
mantic
ignored
noble
needed
oracular
needed
trusty
ignored
xenial
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libntfs-3g-devel
suse enterprise desktop 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise workstation 15 SP5
2022.5.17-150000.3.21.1
fixed
libntfs-3g87
suse enterprise desktop 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise desktop 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise desktop 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise workstation 15 SP5
2022.5.17-150000.3.21.1
fixed
ntfs-3g
suse enterprise desktop 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise desktop 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise desktop 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise workstation 15 SP5
2022.5.17-150000.3.21.1
fixed
ntfsprogs
suse enterprise desktop 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise desktop 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise desktop 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise sap 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP5
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP6
2022.5.17-150000.3.21.1
fixed
suse enterprise server 15 SP7
2022.5.17-150000.3.21.1
fixed
suse enterprise workstation 15 SP5
2022.5.17-150000.3.21.1
fixed
References
https://github.com/tuxera/ntfs-3g/issues/84
https://github.com/tuxera/ntfs-3g/issues/84