CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40284 – NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image
https://notcve.org/view.php?id=CVE-2022-40284
02 Nov 2022 — A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. Se descubrió un desbordamiento del búfer en NTFS-3G antes de 2022.10.3. • http://www.openwall.com/lists/oss-security/2022/10/31/2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30783 – Gentoo Linux Security Advisory 202301-01
https://notcve.org/view.php?id=CVE-2022-30783
26 May 2022 — An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. Un código de retorno no válido en fuse_kern_mount permite interceptar el tráfico del protocolo libfuse-lite entre NTFS-3G y el kernel en NTFS-3G versiones hasta 2021.8.22 cuando es usado libfuse-lite It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a user or automated system were tricked into using ntfsck on... • http://www.openwall.com/lists/oss-security/2022/06/07/4 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30784 – ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value
https://notcve.org/view.php?id=CVE-2022-30784
26 May 2022 — A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar el agotamiento de la pila en ntfs_get_attribute_value en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap exhaustion when processing a crafted NTFS image file or partition. Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The v... • https://github.com/tuxera/ntfs-3g/releases • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30785 – Gentoo Linux Security Advisory 202301-01
https://notcve.org/view.php?id=CVE-2022-30785
26 May 2022 — A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Un manejador de archivos creado en fuse_lib_opendir, y posteriormente usado en fuse_lib_readdir, permite realizar operaciones de lectura y escritura en memoria arbitrarias en NTFS-3G versiones hasta 2021.8.22 cuando es usado libfuse-lite Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A l... • http://www.openwall.com/lists/oss-security/2022/06/07/4 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30786 – ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate
https://notcve.org/view.php?id=CVE-2022-30786
26 May 2022 — A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en ntfs_names_full_collate en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. It was discovered that NTFS-3G incorrectly handled the ntf... • https://github.com/tuxera/ntfs-3g/releases • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30787 – Gentoo Linux Security Advisory 202301-01
https://notcve.org/view.php?id=CVE-2022-30787
26 May 2022 — An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Un desbordamiento de enteros en fuse_lib_readdir permite realizar operaciones de lectura de memoria arbitrarias en NTFS-3G versiones hasta 2021.8.22 cuando se usa libfuse-lite USN-5463-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Roman Fiedler discovered that NTFS-3G incorrectly handled certain... • http://www.openwall.com/lists/oss-security/2022/06/07/4 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30788 – ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc
https://notcve.org/view.php?id=CVE-2022-30788
26 May 2022 — A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en ntfs_mft_rec_alloc en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. Kernel-based Virtual Machine offers a full virtualization solution f... • https://github.com/tuxera/ntfs-3g/releases • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30789 – ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array
https://notcve.org/view.php?id=CVE-2022-30789
26 May 2022 — A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en ntfs_check_log_client_array en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. Kernel-based Virtual Machine offers a full virtual... • https://github.com/tuxera/ntfs-3g/releases • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46790 – ntfs-3g: heap-based buffer overflow in ntfsck
https://notcve.org/view.php?id=CVE-2021-46790
02 May 2022 — ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. ntfsck en NTFS-3G versiones hasta 2021.8.22, presenta un desbordamiento del búfer en la región heap de la memoria que afecta al búfer+512*3-2. NOTA: la posición de la corriente principal es que ntfsck está obsoleto; sin embargo, es incluido en algunas distribuciones de Linux A vulnerability was found in NT... • http://www.openwall.com/lists/oss-security/2022/05/26/1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-35266 – ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname
https://notcve.org/view.php?id=CVE-2021-35266
07 Sep 2021 — In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution. En NTFS-3G versiones anteriores a 2021.8.22, cuando se suministra un nombre de ruta de inodo NTFS especialmente diseñado en una imagen NTFS, puede ocurrir un desbordamiento del búfer de la pila, resultando en una divulgación de memoria, una denegación de servicio e incluso una ejecución de código... • http://ntfs-3g.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •