CVE-2021-33289

Опубликовано: 30 авг. 2021

Источник: redhat

CVSS3: 7.8

EPSS Низкий

Описание

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing the MFT, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	libguestfs-winsupport	Out of support scope
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:8.2/libguestfs-winsupport	Affected
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:av/libguestfs-winsupport	Affected
Red Hat Enterprise Linux 9	libguestfs-winsupport	Affected
Advanced Virtualization for RHEL 8.2.1	virt	Fixed	RHSA-2021:3704	30.09.2021
Advanced Virtualization for RHEL 8.2.1	virt-devel	Fixed	RHSA-2021:3704	30.09.2021
Advanced Virtualization for RHEL 8.4.0.Z	virt	Fixed	RHSA-2021:3703	30.09.2021
Advanced Virtualization for RHEL 8.4.0.Z	virt-devel	Fixed	RHSA-2021:3703	30.09.2021
Red Hat Enterprise Linux 8	virt-devel	Fixed	RHSA-2022:1759	10.05.2022
Red Hat Enterprise Linux 8	virt	Fixed	RHSA-2022:1759	10.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=2001616ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section

EPSS

Процентиль: 26%

0.00084

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2021-33289

CVSS3: 7.8

ubuntu

почти 4 года назад

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

CVE-2021-33289

CVSS3: 7.8

nvd

почти 4 года назад

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

CVE-2021-33289

CVSS3: 7.8

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-33289

CVSS3: 7.8

debian

почти 4 года назад

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section ...

GHSA-r663-2xfr-f623

CVSS3: 7.8

github

около 3 лет назад

In Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

EPSS

Процентиль: 26%

0.00084

Низкий

7.8 High

CVSS3