Vulnerability Details CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.0%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 4.4
References
- https://access.redhat.com/errata/RHBA-2019:3723
- https://access.redhat.com/errata/RHSA-2019:2308
- https://access.redhat.com/errata/RHSA-2019:3345
- https://security.gentoo.org/glsa/202007-45
- https://www.tuxera.com/community/release-history/
- https://access.redhat.com/errata/RHBA-2019:3723
- https://access.redhat.com/errata/RHSA-2019:2308
- https://access.redhat.com/errata/RHSA-2019:3345
- https://security.gentoo.org/glsa/202007-45
- https://www.tuxera.com/community/release-history/
Products affected by CVE-2019-9755
-
cpe:2.3:a:tuxera:ntfs-3g:2017.3.23
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.1
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.2
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4