A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://github.com/tuxera/ntfs-3g/releases
Created ntfs-3g tracking bugs for this issue: Affects: epel-all [bug 2093350] Affects: fedora-all [bug 2093349] Created ntfs-3g-system-compression tracking bugs for this issue: Affects: epel-all [bug 2093353] Affects: fedora-all [bug 2093352] Created ntfs2btrfs tracking bugs for this issue: Affects: fedora-all [bug 2093351]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2179 https://access.redhat.com/errata/RHSA-2023:2179
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2757 https://access.redhat.com/errata/RHSA-2023:2757
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-30789