Bugzilla – Bug 1226007
VUL-0: CVE-2023-52890: ntfs-3g_ntfsprogs: use-after-free in 'ntfs_uppercase_mbs' in unistr.c
Last modified: 2024-06-18 16:30:05 UTC
Use after free in ntfs_uppercase_mbs() of libntfs-3g

If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence, then 'n' will be less than 0 and the loop will terminate without storing anything in '*t'. After the loop the uppercase string's allocation is freed, however after it is freed it is unconditionally accessed through '*t', which points into the freed allocation, for the purpose of NULL-terminating the string. This leads to a use-after-free.

Fixed by only NULL-terminating the string when no error has been thrown.

References:
https://github.com/tuxera/ntfs-3g/issues/84

Patch:
https://github.com/tuxera/ntfs-3g/commit/75dcdc2cf37478fad6c0e3427403d198b554951d
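A simplified C model of the control flow described in the report above, added here as an illustration; it is not the libntfs-3g source. The names `decode` and `uppercase_mbs_model` are hypothetical, and the toy decoder accepts only ASCII and two-byte sequences so that the error path is easy to trigger.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for the decoder (assumption, not the real utf8_to_unicode):
 * returns bytes consumed, 0 at end of string, -1 on a rejected sequence. */
static int decode(unsigned *wc, const char *s)
{
    unsigned char c = (unsigned char)s[0];
    if (c == 0)
        return 0;
    if (c < 0x80) {
        *wc = c;
        return 1;
    }
    if (c >= 0xC2 && c < 0xE0 && ((unsigned char)s[1] & 0xC0) == 0x80) {
        *wc = ((c & 0x1Fu) << 6) | ((unsigned char)s[1] & 0x3Fu);
        return 2;
    }
    return -1;
}

/* Uppercases ASCII letters. Returns a malloc'd string, or NULL with
 * errno = EILSEQ when the input contains a rejected sequence. */
char *uppercase_mbs_model(const char *low)
{
    char *upp = malloc(strlen(low) + 1); /* output never exceeds input length */
    char *t = upp;
    unsigned wc = 0;
    int n;

    if (!upp)
        return NULL;
    while ((n = decode(&wc, low)) > 0) {
        if (wc >= 'a' && wc <= 'z')
            wc -= 'a' - 'A';
        if (wc < 0x80) {
            *t++ = (char)wc;
        } else {
            *t++ = (char)(0xC0 | (wc >> 6));
            *t++ = (char)(0x80 | (wc & 0x3F));
        }
        low += n;
    }
    if (n < 0) {
        free(upp);
        errno = EILSEQ;
        return NULL; /* the flawed flow continued to "*t = 0" after free() */
    }
    *t = 0; /* terminate only when no error was reported */
    return upp;
}
```

Building the flawed variant (no early return after `free`) with `-fsanitize=address` and passing it an invalid byte such as `0xFF` makes the write through `t` show up as a heap-use-after-free report.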
Tracking as affected:
- openSUSE:Factory/ntfs-3g_ntfsprogs
- SUSE:ALP:Source:Standard:1.0/ntfs-3g_ntfsprogs
- SUSE:SLE-15:Update/ntfs-3g_ntfsprogs
- SUSE:SLE-12:Update/ntfs-3g_ntfsprogs
CVE-2023-52890 was assigned, can you resubmit with this CVE?
SUSE-SU-2024:2074-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1226007
CVE References: CVE-2023-52890
Maintenance Incident: [SUSE:Maintenance:34324](https://smelt.suse.de/incident/34324/)

Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): ntfs-3g_ntfsprogs-2022.5.17-5.20.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): ntfs-3g_ntfsprogs-2022.5.17-5.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.