CVE-2022-46174

CVSS V2 None CVSS V3 None
Description
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later.
Overview
  • CVE ID
  • CVE-2022-46174
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-28T07:15:08
  • Last Modified Date
  • 2023-01-11T16:16:07
Weakness Enumerations
CWE URL
CWE-362 http://cwe.mitre.org/data/definitions/362.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:amazon:efs-utils:*:*:*:*:*:*:*:* 1 OR 1.34.4
cpe:2.3:a:amazon:elastic_file_system_container_storage_interface_driver:*:*:*:*:*:go:*:* 1 OR 1.4.8
References
Reference URL Reference Tags
https://github.com/aws/efs-utils/commit/f3a8f88167d55caa2f78aeb72d4dc1987a9ed62d
https://github.com/aws/efs-utils/issues/125
https://github.com/aws/efs-utils/security/advisories/GHSA-4fv8-w65m-3932
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-46174
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46174
History
Created Old Value New Value Data Type Notes
2022-12-28 08:14:37 Added to TrackCVE
2022-12-28 08:14:37 Weakness Enumeration new
2022-12-28 12:14:56 2022-12-28T10:18:56 CVE Modified Date updated
2022-12-28 12:14:56 Received Awaiting Analysis Vulnerability Status updated
2023-01-05 12:18:51 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-12 05:15:34 2023-01-11T16:16:07 CVE Modified Date updated
2023-01-12 05:15:34 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-12 05:15:35 CPE Information updated