AZL-42652

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42652.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-42652

Upstream

CVE-2023-52890

Published

2024-06-13T04:15:15Z

Modified

2026-04-21T04:30:41.670307Z

Summary

CVE-2023-52890 affecting package ntfs-3g for versions less than 2022.10.3-2

Details

NTFS-3G before 75dcdc2 has a use-after-free in ntfsuppercasembs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-52890

Affected packages

Azure Linux:3 / ntfs-3g

Package

Name: ntfs-3g
Purl: pkg:rpm/azure-linux/ntfs-3g

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2022.10.3-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42652.json"