CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39257 – ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap
https://notcve.org/view.php?id=CVE-2021-39257
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada con un mapa de bits sin asignar puede conllevar a una cadena interminable de llamadas a funciones recursivas (empezando por ntfs_attr_pwrite), causando un consumo de la pila en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.com/security/cve/CVE-2021-39257 https://bugzilla.redhat.com/show_bug.cgi?id=2001656 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39258 – ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find()
https://notcve.org/view.php?id=CVE-2021-39258
A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar lecturas fuera de límites en las funciones ntfs_attr_find y ntfs_external_attr_find en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.com/security/cve/CVE-2021-39258 https://bugzilla.redhat.com/show_bug.cgi?id=2001658 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39262 – ntfs-3g: Out-of-bounds access in ntfs_decompress()
https://notcve.org/view.php?id=CVE-2021-39262
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un acceso fuera de límites en la función ntfs_decompress en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.com/security/cve/CVE-2021-39262 https://bugzilla.redhat.com/show_bug.cgi?id=2001665 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-35267 – ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections
https://notcve.org/view.php?id=CVE-2021-35267
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. NTFS-3G versiones anteriores a 2021.8.22, puede ocurrir un desbordamiento del búfer de la pila cuando son corregidas las diferencias en el MFT y el MFTMirror, permitiendo una ejecución de código o una escalada de privilegios cuando es setuid-root The ntfs3g package is susceptible to a stack overflow. When correcting differences between the MFT and MFTMirror, incorrect checks lead to possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • http://ntfs-3g.com http://www.openwall.com/lists/oss-security/2021/08/30/1 https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39255 – ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute
https://notcve.org/view.php?id=CVE-2021-39255
A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede desencadenar una lectura fuera de límites, causada por un atributo no válido en la función ntfs_attr_find_in_attrdef, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.com/security/cve/CVE-2021-39255 https://bugzilla.redhat.com/show_bug.cgi?id=2001653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •