CVE-2021-33287 – ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes
https://notcve.org/view.php?id=CVE-2021-33287
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. En NTFS-3G versiones anteriores a 2021.8.22, cuando se leen atributos NTFS especialmente diseñados en la función ntfs_attr_pread_i, puede ocurrir un desbordamiento del búfer de la pila y permitir la escritura en memoria arbitraria o la denegación de servicio de la aplicación The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • http://ntfs-3g.com http://tuxera.com http://www.openwall.com/lists/oss-security/2021/08/30/1 https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-39254 – ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()
https://notcve.org/view.php?id=CVE-2021-39254
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento de enteros en memmove, lo que conlleva un desbordamiento del búfer basado en la pila en la función ntfs_attr_record_resize, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. A crafted NTFS image with invalid values could trigger an improper check. This incorrect check causes an integer overflow which then leads to a heap overflow. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVE-2021-39259 – ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length
https://notcve.org/view.php?id=CVE-2021-39259
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede desencadenar un acceso fuera de límites, causado por una longitud de atributo no saneada en la función ntfs_inode_lookup_by_name, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.com/security/cve/CVE-2021-39259 https://bugzilla.redhat.com/show_bug.cgi?id=2001659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-39253 – ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i()
https://notcve.org/view.php?id=CVE-2021-39253
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una lectura fuera de límites en la función ntfs_runlists_merge_i en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2021-39256 – ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name()
https://notcve.org/view.php?id=CVE-2021-39256
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en la función ntfs_inode_lookup_by_name en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.com/security/cve/CVE-2021-39256 https://bugzilla.redhat.com/show_bug.cgi?id=2001654 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •