Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39259 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2023-01-13 | 6.9 MEDIUM | 7.8 HIGH |
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. | |||||
CVE-2021-39260 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2023-01-13 | 6.9 MEDIUM | 7.8 HIGH |
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. | |||||
CVE-2021-39261 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2023-01-13 | 6.9 MEDIUM | 7.8 HIGH |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. | |||||
CVE-2022-30787 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-01-13 | 4.6 MEDIUM | 6.7 MEDIUM |
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
CVE-2022-30785 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-01-13 | 7.2 HIGH | 6.7 MEDIUM |
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
CVE-2022-30784 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-01-13 | 4.6 MEDIUM | 7.8 HIGH |
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | |||||
CVE-2022-30789 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-01-13 | 4.6 MEDIUM | 7.8 HIGH |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | |||||
CVE-2022-30788 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-01-13 | 4.6 MEDIUM | 7.8 HIGH |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | |||||
CVE-2022-30786 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-01-13 | 4.6 MEDIUM | 7.8 HIGH |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | |||||
CVE-2021-46790 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2022-09-19 | 4.6 MEDIUM | 7.8 HIGH |
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. | |||||
CVE-2019-9755 | 2 Redhat, Tuxera | 6 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server and 3 more | 2022-04-26 | 4.4 MEDIUM | 7.0 HIGH |
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. | |||||
CVE-2017-0358 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. |