CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-33285 – ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of bytes_in_use value in MFT records
https://notcve.org/view.php?id=CVE-2021-33285
07 Sep 2021 — In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing... • http://www.openwall.com/lists/oss-security/2021/08/30/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33286 – ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string
https://notcve.org/view.php?id=CVE-2021-33286
07 Sep 2021 — In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. En NTFS-3G versiones anteriores a 2021.8.22, cuando se suministra una cadena unicode especialmente diseñada en una imagen NTFS puede ocurrir un desbordamiento del búfer de la pila y permitir la ejecución de código The ntfs3g package is susceptible to a heap overflow on crafted unicode input. When processing NTFS unicode input, proper bounds chec... • http://ntfs-3g.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-33287 – ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes
https://notcve.org/view.php?id=CVE-2021-33287
07 Sep 2021 — In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. En NTFS-3G versiones anteriores a 2021.8.22, cuando se leen atributos NTFS especialmente diseñados en la función ntfs_attr_pread_i, puede ocurrir un desbordamiento del búfer de la pila y permitir la escritura en memoria arbitraria o la denegación de servicio de la aplicación The ... • http://ntfs-3g.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-33289 – ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section
https://notcve.org/view.php?id=CVE-2021-33289
07 Sep 2021 — In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. En NTFS-3G versiones anteriores a 2021.8.22, cuando se suministra una sección MFT especialmente manipulada en una imagen NTFS, puede producirse un desbordamiento del búfer de la pila y permitir la ejecución de código The ntfs3g package is susceptible to a heap overflow on crafted input. When processing the MFT, proper bounds checking was not enforc... • http://ntfs-3g.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-39251 – ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open()
https://notcve.org/view.php?id=CVE-2021-39251
07 Sep 2021 — A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una desreferencia de puntero NULL en la función ntfs_extent_inode_open en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation attack. When processing a crafted NTFS image there is an improper check. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Kernel-based... • http://www.openwall.com/lists/oss-security/2021/08/30/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39252 – ntfs-3g: Out-of-bounds read in ntfs_ie_lookup()
https://notcve.org/view.php?id=CVE-2021-39252
07 Sep 2021 — A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una lectura fuera de los límites en la función ntfs_ie_lookup en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39253 – ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i()
https://notcve.org/view.php?id=CVE-2021-39253
07 Sep 2021 — A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una lectura fuera de límites en la función ntfs_runlists_merge_i en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system ava... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39254 – ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()
https://notcve.org/view.php?id=CVE-2021-39254
07 Sep 2021 — A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento de enteros en memmove, lo que conlleva un desbordamiento del búfer basado en la pila en la función ntfs_attr_record_resize, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. A crafted NTFS image with invalid values could trigger an... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39255 – ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute
https://notcve.org/view.php?id=CVE-2021-39255
07 Sep 2021 — A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede desencadenar una lectura fuera de límites, causada por un atributo no válido en la función ntfs_attr_find_in_attrdef, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The h... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39256 – ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name()
https://notcve.org/view.php?id=CVE-2021-39256
07 Sep 2021 — A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en la función ntfs_inode_lookup_by_name en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability i... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •