Integer Underflow (Wrap or Wraparound)

CVE-2022-30787

Medium

6.7/10

Summary

An Integer Underflow vulnerability has been found in package NTFS-3G, affecting versions N1_2121RC through N1_5222_RC, N2008_06_30_143340 through N2011_1_15, and 2011.3.26 through 2021.8.22 that are using internal 'libfuse-lite' library. The 'fuse_lib_readdir' method enables arbitrary memory read operations.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-191 - Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

Advisory
Release Note

Advisory Timeline

Published May 26, 2022

Integer Underflow (Wrap or Wraparound)

CVE-2022-30787

Summary

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS