{"id":"CVE-2022-40284","details":"A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.","modified":"2026-04-16T00:04:31.222534407Z","published":"2022-11-06T23:15:09.463Z","related":["ALSA-2023:5264","ALSA-2023:6167","SUSE-SU-2022:3865-1","SUSE-SU-2022:3866-1","openSUSE-SU-2024:12473-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"10.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"35"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"36"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"37"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BOQ7YLFT43KLXEN3EB6CS4DP635RJWP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IA2D4PYOR7ABI7BWBMMMYKY2OPHTV2NI/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGDKGXA4R2ZVUQ3CT4D4YGTFMNZQA7HW/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/10/31/2"},{"type":"ADVISORY","url":"https://github.com/tuxera/ntfs-3g/releases"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00029.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202301-01"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tuxera/ntfs-3g","events":[{"introduced":"0"},{"fixed":"78414d93613532fd82f3a82aba5d4a1c32898781"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"2022.10.3"}],"cpe":"cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*"}}],"versions":["2011_3_26","2014.2.15","2015.3.13","2015.3.14","2015.3.5","2016.2.15","2016.2.22","2017.2.15","2017.3.23","2021.5.19","2021.8.14","2021.8.22","2022.5.17","N0_20061031_BETA","N0_20061115_BETA","N0_20061212_BETA","N0_20061218_BETA","N0_20070102_BETA","N0_20070116_BETA","N0_20070118_BETA","N0_20070207_RC1","N1_0","N1_320_RC","N1_328","N1_411_RC","N1_416","N1_417","N1_516","N1_612_RC","N1_616","N1_710","N1_810","N1_826","N1_910_RC","N1_913","N2006_11_07_011225","N2006_11_08_220332","N2006_11_08_233131","N2006_11_11_005720","N2006_11_11_010308","N2006_11_11_013125","N2006_11_11_220751","N2006_11_14_010037","N2006_11_14_220946","N2009_10_03_095644","N2009_10_03_104125","N2010_10_2","N2010_2_6","N2010_5_16","N2010_5_22","N2010_6_30_RC","N2010_6_31_RC","N2010_7_23_RC","N2010_8_8","PERMISSION_HANDLING_BASE_20070925","R2009_10_5_RC","start","v2011_10_9_RC","v2011_3_26","v2011_3_28_RC","v2011_4_10","v2011_4_11","v2011_4_12","v2012_1_15","v2013_1_13"],"database_specific":{"vanir_signatures_modified":"2026-04-12T05:06:23Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-40284.json","vanir_signatures":[{"id":"CVE-2022-40284-95bd24cb","signature_type":"Line","target":{"file":"src/ntfs-3g.c"},"signature_version":"v1","source":"https://github.com/tuxera/ntfs-3g/commit/78414d93613532fd82f3a82aba5d4a1c32898781","deprecated":false,"digest":{"line_hashes":["229114391697958096691432936098819842262","121519476808419324359138408051850792601","162880585381817795634419956231716962859"],"threshold":0.9}},{"id":"CVE-2022-40284-ae3f4538","signature_type":"Line","target":{"file":"src/lowntfs-3g.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/tuxera/ntfs-3g/commit/78414d93613532fd82f3a82aba5d4a1c32898781","digest":{"line_hashes":["6026667066006274991699535869917555024","64192165873624888343770117488607838199","81121319675522598436247948911860345528"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}