CVE-2021-39253 – ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i()
https://notcve.org/view.php?id=CVE-2021-39253
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una lectura fuera de límites en la función ntfs_runlists_merge_i en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2021-39256 – ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name()
https://notcve.org/view.php?id=CVE-2021-39256
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en la función ntfs_inode_lookup_by_name en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.com/security/cve/CVE-2021-39256 https://bugzilla.redhat.com/show_bug.cgi?id=2001654 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-35268 – ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode
https://notcve.org/view.php?id=CVE-2021-35268
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. En NTFS-3G versiones anteriores a 2021.8.22, cuando es cargado un inodo NTFS especialmente diseñado en la función ntfs_inode_real_open, puede ocurrir un desbordamiento del búfer de la pila, permitiendo una ejecución de código y una escalada de privilegios The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS inodes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • http://ntfs-3g.com http://www.openwall.com/lists/oss-security/2021/08/30/1 https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-35269 – ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT
https://notcve.org/view.php?id=CVE-2021-35269
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. NTFS-3G versiones anteriores a 2021.8.22, cuando un atributo NTFS especialmente diseñado de la MFT es configurado en la función ntfs_attr_setup_flag, un desbordamiento de búfer de la pila puede ocurrir permitiendo una ejecución de código y una escalada de privilegios The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes from the MFT , proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • http://ntfs-3g.com http://www.openwall.com/lists/oss-security/2021/08/30/1 https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-39263 – ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute
https://notcve.org/view.php?id=CVE-2021-39263
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede desencadenar un desbordamiento del búfer basado en la pila, causado por un atributo no saneado en la función ntfs_get_attribute_value, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.com/security/cve/CVE-2021-39263 https://bugzilla.redhat.com/show_bug.cgi?id=2001667 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •