CVE-2021-39257

Опубликовано: 30 авг. 2021

Источник: redhat

CVSS3: 5.5

Описание

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	libguestfs-winsupport	Out of support scope
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:8.2/libguestfs-winsupport	Affected
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:av/libguestfs-winsupport	Affected
Red Hat Enterprise Linux 9	libguestfs-winsupport	Affected
Advanced Virtualization for RHEL 8.2.1	virt	Fixed	RHSA-2021:3704	30.09.2021
Advanced Virtualization for RHEL 8.2.1	virt-devel	Fixed	RHSA-2021:3704	30.09.2021
Advanced Virtualization for RHEL 8.4.0.Z	virt	Fixed	RHSA-2021:3703	30.09.2021
Advanced Virtualization for RHEL 8.4.0.Z	virt-devel	Fixed	RHSA-2021:3703	30.09.2021
Red Hat Enterprise Linux 8	virt-devel	Fixed	RHSA-2022:1759	10.05.2022
Red Hat Enterprise Linux 8	virt	Fixed	RHSA-2022:1759	10.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=2001656ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-39257

CVSS3: 5.5

ubuntu

почти 4 года назад

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

CVE-2021-39257

CVSS3: 5.5

nvd

почти 4 года назад

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

CVE-2021-39257

CVSS3: 5.5

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-39257

CVSS3: 5.5

debian

почти 4 года назад

A crafted NTFS image with an unallocated bitmap can lead to a endless ...

GHSA-c7hf-64rq-w8mm

CVSS3: 5.5

github

около 3 лет назад

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

5.5 Medium

CVSS3