CVE-2021-35267
ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
NTFS-3G versiones anteriores a 2021.8.22, puede ocurrir un desbordamiento del búfer de la pila cuando son corregidas las diferencias en el MFT y el MFTMirror, permitiendo una ejecución de código o una escalada de privilegios cuando es setuid-root
The ntfs3g package is susceptible to a stack overflow. When correcting differences between the MFT and MFTMirror, incorrect checks lead to possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-23 CVE Reserved
- 2021-09-07 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/08/30/1 | Mailing List |
|
| https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tuxera Search vendor "Tuxera" | Ntfs-3g Search vendor "Tuxera" for product "Ntfs-3g" | < 2021.8.22 Search vendor "Tuxera" for product "Ntfs-3g" and version " < 2021.8.22" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||