CVE-2020-6106

CVE-2020-6106

Name

CVE-2020-6106

Description

An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048
Third Party Advisory	https://security.gentoo.org/glsa/202101-26

Type

URI

Exploit

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048

Third Party Advisory

https://security.gentoo.org/glsa/202101-26

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:f2fs-tools_project:f2fs-tools::::::::`	f2fs-tools	>= None	< 1.14.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:f2fs-tools_project:f2fs-tools:*:*:*:*:*:*:*:*

f2fs-tools

>= None

< 1.14.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
f2fs-tools	edge-main	1.14.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
f2fs-tools	3.22-main	1.14.0-r0	None	fixed
f2fs-tools	3.21-main	1.14.0-r0	None	fixed
f2fs-tools	3.20-main	1.14.0-r0	None	fixed
f2fs-tools	3.19-main	1.14.0-r0	None	fixed
f2fs-tools	3.12-main	1.13.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
f2fs-tools	3.11-main	1.13.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
f2fs-tools	3.10-main	1.12.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

f2fs-tools

edge-main

1.14.0-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

f2fs-tools

3.22-main