CVE-2021-46790

Опубликовано: 25 нояб. 2021

Источник: redhat

CVSS3: 7.8

EPSS Низкий

Описание

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.

A vulnerability was found in NTFS-3G, specifically in the ntfsck utility. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	libguestfs-winsupport	Out of support scope
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:8.2/libguestfs-winsupport	Will not fix
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:av/libguestfs-winsupport	Will not fix
Red Hat Enterprise Linux 8 Advanced Virtualization	virt-devel:8.2/libguestfs-winsupport	Will not fix
Red Hat Enterprise Linux 8 Advanced Virtualization	virt-devel:av/libguestfs-winsupport	Will not fix
Red Hat Enterprise Linux 8	virt-devel	Fixed	RHSA-2023:2757	16.05.2023
Red Hat Enterprise Linux 8	virt	Fixed	RHSA-2023:2757	16.05.2023
Red Hat Enterprise Linux 9	libguestfs-winsupport	Fixed	RHSA-2023:2179	09.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=2093358ntfs-3g: heap-based buffer overflow in ntfsck

EPSS

Процентиль: 10%

0.00037

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2021-46790

CVSS3: 7.8

ubuntu

около 3 лет назад

CVE-2021-46790

CVSS3: 7.8

nvd

около 3 лет назад

CVE-2021-46790

CVSS3: 7.8

msrc

около 3 лет назад

Описание отсутствует

CVE-2021-46790

CVSS3: 7.8

debian

около 3 лет назад

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...

GHSA-274j-jr8v-77f7

CVSS3: 9.8

github

около 3 лет назад

EPSS

Процентиль: 10%

0.00037

Низкий

7.8 High

CVSS3