A cikin ntfs-3g mai amfani daga NTFS-3G suite, wanda ke ba da aiwatar da sararin samaniya mai amfani na tsarin fayil na NTFS, an gano raunin CVE-2022-40284, mai yuwuwar ba da izinin aiwatar da lambar tare da haƙƙin tushen a cikin tsarin lokacin. hawa partition na musamman tsara. An warware rashin lafiyar a cikin sakin NTFS-3G 2022.10.3.
Rashin lahani yana faruwa ta hanyar kuskure a cikin lambar don tantance metadata a cikin sassan NTFS, wanda ke haifar da cikar buffer lokacin sarrafa hotuna tare da tsarin fayil na NTFS da aka tsara ta wata hanya. Ana iya kai harin lokacin da mai amfani ya ɗaga hoto ko tuƙi wanda maharin ya shirya, ko kuma lokacin haɗa kebul na USB tare da wani yanki na musamman da aka kera zuwa kwamfutar (idan an saita tsarin don hawa NTFS partitions ta amfani da NTFS-3G). Har yanzu ba a nuna fa'idar aiki don wannan raunin ba.
source: budenet.ru