CVE-2021-35267

Опубликовано: 30 авг. 2021

Источник: redhat

CVSS3: 7.8

EPSS Низкий

Описание

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

The ntfs3g package is susceptible to a stack overflow. When correcting differences between the MFT and MFTMirror, incorrect checks lead to possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	libguestfs-winsupport	Out of support scope
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:8.2/libguestfs-winsupport	Affected
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:av/libguestfs-winsupport	Affected
Red Hat Enterprise Linux 9	libguestfs-winsupport	Affected
Advanced Virtualization for RHEL 8.2.1	virt	Fixed	RHSA-2021:3704	30.09.2021
Advanced Virtualization for RHEL 8.2.1	virt-devel	Fixed	RHSA-2021:3704	30.09.2021
Advanced Virtualization for RHEL 8.4.0.Z	virt	Fixed	RHSA-2021:3703	30.09.2021
Advanced Virtualization for RHEL 8.4.0.Z	virt-devel	Fixed	RHSA-2021:3703	30.09.2021
Red Hat Enterprise Linux 8	virt-devel	Fixed	RHSA-2022:1759	10.05.2022
Red Hat Enterprise Linux 8	virt	Fixed	RHSA-2022:1759	10.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=2001621ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections

EPSS

Процентиль: 23%

0.00072

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2021-35267

CVSS3: 7.8

ubuntu

почти 4 года назад

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

CVE-2021-35267

CVSS3: 7.8

nvd

почти 4 года назад

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

CVE-2021-35267

CVSS3: 7.8

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-35267

CVSS3: 7.8

debian

почти 4 года назад

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when c ...

GHSA-3pcq-5mc6-8j3p

CVSS3: 7.8

github

около 3 лет назад

In Tuxera NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

EPSS

Процентиль: 23%

0.00072

Низкий

7.8 High

CVSS3