Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-39254

Опубликовано: 30 авг. 2021
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

The ntfs3g package is susceptible to an input validation flaw. A crafted NTFS image with invalid values could trigger an improper check. This incorrect check causes an integer overflow which then leads to a heap overflow. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7libguestfs-winsupportOut of support scope
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/libguestfs-winsupportAffected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/libguestfs-winsupportAffected
Red Hat Enterprise Linux 9libguestfs-winsupportAffected
Advanced Virtualization for RHEL 8.2.1virtFixedRHSA-2021:370430.09.2021
Advanced Virtualization for RHEL 8.2.1virt-develFixedRHSA-2021:370430.09.2021
Advanced Virtualization for RHEL 8.4.0.ZvirtFixedRHSA-2021:370330.09.2021
Advanced Virtualization for RHEL 8.4.0.Zvirt-develFixedRHSA-2021:370330.09.2021
Red Hat Enterprise Linux 8virt-develFixedRHSA-2022:175910.05.2022
Red Hat Enterprise Linux 8virtFixedRHSA-2022:175910.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2001652ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()

EPSS

Процентиль: 3%
0.00018
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-39254

CVSS3: 7.8
ubuntu
почти 4 года назад

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

nvd логотип

CVE-2021-39254

CVSS3: 7.8
nvd
почти 4 года назад

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

msrc логотип

CVE-2021-39254

CVSS3: 7.8
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-39254

CVSS3: 7.8
debian
почти 4 года назад

A crafted NTFS image can cause an integer overflow in memmove, leading ...

github логотип

GHSA-j6xg-g9vq-x958

CVSS3: 7.8
github
около 3 лет назад

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

EPSS

Процентиль: 3%
0.00018
Низкий

7.8 High

CVSS3