CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence: High
EPSS
Percentile: 15.5%
exfatprogs is vulnerable to an out-of-bounds write. The vulnerability is in the read_file_dentry_set function in exfat2img.c. When SecondaryCount exceeds a threshold of (2 plus the maximum number of File Name entries), it could lead to data being written to memory locations beyond the intended buffer, possibly resulting in memory corruption or unintended behavior.
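The class of check the description points to, as an added C example that is not exfatprogs code: validate the on-disk SecondaryCount against the fixed buffer before copying an entry set. The names copy_dentry_set, try_secondary_count and struct dentry_set, the 17-entry name limit and the buffer sizing are assumptions made for illustration; the sample directory is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DENTRY_SIZE      32    /* an exFAT directory entry is 32 bytes */
#define ENTRY_TYPE_FILE  0x85  /* EntryType of a File directory entry */
#define MAX_NAME_ENTRIES 17    /* assumption: 255-char name, 15 chars per entry */
#define SECONDARY_MAX    (2 + MAX_NAME_ENTRIES) /* threshold from the description */
#define SET_CAPACITY     (1 + SECONDARY_MAX)    /* assumption: primary + secondaries */

struct dentry_set {
    uint8_t entries[SET_CAPACITY][DENTRY_SIZE];
    unsigned count;
};

/* Hypothetical helper: copy one File entry set out of a raw directory
 * buffer. Returns 0 on success, -1 if the set is malformed. */
int copy_dentry_set(const uint8_t *dir, size_t dir_len, struct dentry_set *out)
{
    if (dir_len < DENTRY_SIZE || dir[0] != ENTRY_TYPE_FILE)
        return -1;
    unsigned secondary_count = dir[1]; /* SecondaryCount, read from untrusted media */

    /* Without this check a count of up to 255 drives the copy past entries[]. */
    if (secondary_count > SECONDARY_MAX)
        return -1;
    /* The claimed entries must also be present in the input buffer. */
    if ((size_t)(1 + secondary_count) * DENTRY_SIZE > dir_len)
        return -1;

    out->count = 1 + secondary_count;
    memcpy(out->entries, dir, (size_t)out->count * DENTRY_SIZE);
    return 0;
}

/* Constructed sample: a zeroed 256-entry directory whose File entry claims
 * `secondary_count` secondaries. Returns entries copied, or -1 if rejected. */
int try_secondary_count(uint8_t secondary_count)
{
    static uint8_t dir[256 * DENTRY_SIZE];
    struct dentry_set set;
    memset(dir, 0, sizeof dir);
    dir[0] = ENTRY_TYPE_FILE;
    dir[1] = secondary_count;
    return copy_dentry_set(dir, sizeof dir, &set) == 0 ? (int)set.count : -1;
}

int main(void)
{
    printf("19 -> %d, 20 -> %d\n", try_secondary_count(19), try_secondary_count(20));
    return 0;
}
```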
dfir.ru/2023/11/01/cve-2023-45897-a-vulnerability-in-the-linux-exfat-userspace-tools/
github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4
github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae
github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf
github.com/exfatprogs/exfatprogs/releases/tag/1.2.2
security-tracker.debian.org/tracker/CVE-2023-45897