Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:201539
[Rus]
Version
2
Class
patch
ALTXid
421163
Language
English
Severity
High
Title
CentOS Stream 8 -- security update for libguestfs-winsupport
Description
CentOS Stream security update for libguestfs-winsupport.
Family
unix
Platform
CentOS Stream 8
Product
libguestfs-winsupport
Reference
VENDOR: CentOS-Stream-31.01.2023-2662614476
VENDOR: CentOS-Stream-31.01.2023-2662614476
Id:
CentOS-Stream-31.01.2023-2662614476
Reference:
https://feeds.centos.org
CVE: CVE-2021-33285
CVE: CVE-2021-33285
Id:
CVE-2021-33285
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33285
Comment
: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2001608 (MISC)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386 (MISC)
https://www.openwall.com/lists/oss-security/2021/08/30/1 (MISC)
[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G (MLIST)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-33286
CVE: CVE-2021-33286
Id:
CVE-2021-33286
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33286
Comment
: In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
http://ntfs-3g.com (MISC)
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G (MLIST)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
CVE: CVE-2021-33287
CVE: CVE-2021-33287
Id:
CVE-2021-33287
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33287
Comment
: In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
http://ntfs-3g.com (MISC)
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
http://tuxera.com (MISC)
[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G (MLIST)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-33289
CVE: CVE-2021-33289
Id:
CVE-2021-33289
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33289
Comment
: In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
http://ntfs-3g.com (MISC)
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G (MLIST)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-35266
CVE: CVE-2021-35266
Id:
CVE-2021-35266
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35266
Comment
: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
http://ntfs-3g.com (MISC)
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G (MLIST)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-35267
CVE: CVE-2021-35267
Id:
CVE-2021-35267
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35267
Comment
: NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
http://ntfs-3g.com (MISC)
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G (MLIST)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-35268
CVE: CVE-2021-35268
Id:
CVE-2021-35268
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35268
Comment
: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
http://ntfs-3g.com (MISC)
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G (MLIST)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-35269
CVE: CVE-2021-35269
Id:
CVE-2021-35269
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35269
Comment
: NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
http://ntfs-3g.com (MISC)
[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G (MLIST)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-39251
CVE: CVE-2021-39251
Id:
CVE-2021-39251
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39251
Comment
: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2001649 (MISC)
http://www.openwall.com/lists/oss-security/2021/08/30/1 (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386 (MISC)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-39252
CVE: CVE-2021-39252
Id:
CVE-2021-39252
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39252
Comment
: A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-39253
CVE: CVE-2021-39253
Id:
CVE-2021-39253
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39253
Comment
: A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-39254
CVE: CVE-2021-39254
Id:
CVE-2021-39254
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39254
Comment
: A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
DSA-4971 (DEBIAN)
[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2021-e7c8ba6301 ()
FEDORA-2021-5b1dac797b ()
CVE: CVE-2021-46790
CVE: CVE-2021-46790
Id:
CVE-2021-46790
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
Comment
: ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/tuxera/ntfs-3g/issues/16 (MISC)
[oss-security] 20220526 OPEN SOURCE NTFS-3G SECURITY ADVISORY NTFS3G-SA-2022-0001 (MLIST)
DSA-5160 (DEBIAN)
FEDORA-2022-8f775872c9 ()
FEDORA-2022-13bc8c91b0 ()
FEDORA-2022-8fa7e5aeaf ()
FEDORA-2022-1176b501f0 ()
CVE: CVE-2022-30783
CVE: CVE-2022-30783
Id:
CVE-2022-30783
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
Comment
: An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
6.7
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
252 (Unchecked Return Value)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
[oss-security] 20220607 UNPAR-2022-0 Multiple Vulnerabilities in ntfs-3g NTFS Mount Tool (MLIST)
DSA-5160 (DEBIAN)
[debian-lts-announce] 20220621 [SECURITY] [DLA 3055-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2022-8f775872c9 ()
FEDORA-2022-13bc8c91b0 ()
FEDORA-2022-8fa7e5aeaf ()
FEDORA-2022-1176b501f0 ()
CVE: CVE-2022-30784
CVE: CVE-2022-30784
Id:
CVE-2022-30784
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
Comment
: A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
DSA-5160 (DEBIAN)
[debian-lts-announce] 20220621 [SECURITY] [DLA 3055-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2022-8f775872c9 ()
FEDORA-2022-13bc8c91b0 ()
FEDORA-2022-8fa7e5aeaf ()
FEDORA-2022-1176b501f0 ()
CVE: CVE-2022-30785
CVE: CVE-2022-30785
Id:
CVE-2022-30785
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
Comment
: A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.7
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
[oss-security] 20220607 UNPAR-2022-0 Multiple Vulnerabilities in ntfs-3g NTFS Mount Tool (MLIST)
DSA-5160 (DEBIAN)
[debian-lts-announce] 20220621 [SECURITY] [DLA 3055-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2022-8f775872c9 ()
FEDORA-2022-13bc8c91b0 ()
FEDORA-2022-8fa7e5aeaf ()
FEDORA-2022-1176b501f0 ()
CVE: CVE-2022-30786
CVE: CVE-2022-30786
Id:
CVE-2022-30786
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
Comment
: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
DSA-5160 (DEBIAN)
[debian-lts-announce] 20220621 [SECURITY] [DLA 3055-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2022-8f775872c9 ()
FEDORA-2022-13bc8c91b0 ()
FEDORA-2022-8fa7e5aeaf ()
FEDORA-2022-1176b501f0 ()
CVE: CVE-2022-30787
CVE: CVE-2022-30787
Id:
CVE-2022-30787
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
Comment
: An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
6.7
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
191 (Integer Underflow (Wrap or Wraparound))
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
[oss-security] 20220607 UNPAR-2022-0 Multiple Vulnerabilities in ntfs-3g NTFS Mount Tool (MLIST)
DSA-5160 (DEBIAN)
[debian-lts-announce] 20220621 [SECURITY] [DLA 3055-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2022-8f775872c9 ()
FEDORA-2022-13bc8c91b0 ()
FEDORA-2022-8fa7e5aeaf ()
FEDORA-2022-1176b501f0 ()
CVE: CVE-2022-30788
CVE: CVE-2022-30788
Id:
CVE-2022-30788
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
Comment
: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
DSA-5160 (DEBIAN)
[debian-lts-announce] 20220621 [SECURITY] [DLA 3055-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2022-8f775872c9 ()
FEDORA-2022-13bc8c91b0 ()
FEDORA-2022-8fa7e5aeaf ()
FEDORA-2022-1176b501f0 ()
CVE: CVE-2022-30789
CVE: CVE-2022-30789
Id:
CVE-2022-30789
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
Comment
: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x (MISC)
https://github.com/tuxera/ntfs-3g/releases (MISC)
DSA-5160 (DEBIAN)
[debian-lts-announce] 20220621 [SECURITY] [DLA 3055-1] ntfs-3g security update (MLIST)
GLSA-202301-01 (GENTOO)
FEDORA-2022-8f775872c9 ()
FEDORA-2022-13bc8c91b0 ()
FEDORA-2022-8fa7e5aeaf ()
FEDORA-2022-1176b501f0 ()
Content available only for registered users!
ovaldb@altx-soft.com