CVE-2023-52890

low-risk
Published 2024-06-13

NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.5/10 Medium
LOCAL / HIGH complexity

References (2)

https://github.com/tuxera/ntfs-3g/issues/84
https://github.com/tuxera/ntfs-3g/issues/84
17
/ 100
low-risk
Severity 12/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal