Description
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
References (11)
Core 11
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
Product
http://ntfs-3g.com
Product
http://tuxera.com
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/08/30/1
Third Party Advisory
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-4971
Vendor Advisory vendor-advisory
FEDORA-2021-e7c8ba6301
https://lists.fedoraproject.org/archives/list/[email protected]/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
Vendor Advisory vendor-advisory
FEDORA-2021-5b1dac797b
https://lists.fedoraproject.org/archives/list/[email protected]/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202301-01
Scores
CVSS v3
7.8
EPSS
0.0041
EPSS Percentile
33.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
CWE-787
Status
published
Products (6)
debian/debian_linux
9.0
debian/debian_linux
10.0
debian/debian_linux
11.0
fedoraproject/fedora
33
fedoraproject/fedora
35
tuxera/ntfs-3g
< 2021.8.22
Published
Sep 07, 2021
Tracked Since
Feb 18, 2026