2246976 – (CVE-2023-45897) CVE-2023-45897 exfatprogs: exfatprogs allows out-of-bounds memory access

Bug 2246976 (CVE-2023-45897) - CVE-2023-45897 exfatprogs: exfatprogs allows out-of-bounds memory access

Summary: CVE-2023-45897 exfatprogs: exfatprogs allows out-of-bounds memory access

Keywords:
Status:	NEW
Alias:	CVE-2023-45897
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2248680 2248681
Blocks:	2246977
TreeView+	depends on / blocked

Reported:	2023-10-30 09:44 UTC by Avinash Hanwate
Modified:	2024-04-30 10:51 UTC (History)
CC List:	0 users
Fixed In Version:	exfatprogs 1.2.2
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Exfatprogs, a userspace utility that contains all of the standard utilities for creating, fixing, and debugging the exfat filesystem in the linux system.This issue may allow out-of-bounds memory access such as in read_file_dentry_set. To exploit this vulnerability, the attacker must possess authorization with privileges granting basic user capabilities, and can achieve out-of-bounds memory access.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:2437	0	None	None	None	2024-04-30 10:51:12 UTC

Description Avinash Hanwate 2023-10-30 09:44:52 UTC

exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.

https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4
https://github.com/exfatprogs/exfatprogs/releases/tag/1.2.2
https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae
https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf

Comment 2 TEJ RATHI 2023-11-08 10:36:53 UTC

Created exfatprogs tracking bugs for this issue:

Affects: epel-all [bug 2248681]
Affects: fedora-38 [bug 2248680]

Comment 3 errata-xmlrpc 2024-04-30 10:51:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2437 https://access.redhat.com/errata/RHSA-2024:2437

Note You need to log in before you can comment on or make changes to this bug.