Vulnerability Details CVE-2021-33287
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
References
- http://ntfs-3g.com
- http://tuxera.com
- http://www.openwall.com/lists/oss-security/2021/08/30/1
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- https://security.gentoo.org/glsa/202301-01
- https://www.debian.org/security/2021/dsa-4971
- http://ntfs-3g.com
- http://tuxera.com
- http://www.openwall.com/lists/oss-security/2021/08/30/1
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- https://security.gentoo.org/glsa/202301-01
- https://www.debian.org/security/2021/dsa-4971
Products affected by CVE-2021-33287
-
cpe:2.3:a:tuxera:ntfs-3g:-
-
cpe:2.3:a:tuxera:ntfs-3g:2009.1.1
-
cpe:2.3:a:tuxera:ntfs-3g:2009.11.14
-
cpe:2.3:a:tuxera:ntfs-3g:2009.2.1
-
cpe:2.3:a:tuxera:ntfs-3g:2009.3.8
-
cpe:2.3:a:tuxera:ntfs-3g:2009.4.4
-
cpe:2.3:a:tuxera:ntfs-3g:2010.1.16
-
cpe:2.3:a:tuxera:ntfs-3g:2010.10.2
-
cpe:2.3:a:tuxera:ntfs-3g:2010.3.6
-
cpe:2.3:a:tuxera:ntfs-3g:2010.5.16
-
cpe:2.3:a:tuxera:ntfs-3g:2010.5.22
-
cpe:2.3:a:tuxera:ntfs-3g:2010.8.8
-
cpe:2.3:a:tuxera:ntfs-3g:2011.1.15
-
cpe:2.3:a:tuxera:ntfs-3g:2011.4.12
-
cpe:2.3:a:tuxera:ntfs-3g:2012.1.15
-
cpe:2.3:a:tuxera:ntfs-3g:2013.1.13
-
cpe:2.3:a:tuxera:ntfs-3g:2014.2.15
-
cpe:2.3:a:tuxera:ntfs-3g:2015.3.14
-
cpe:2.3:a:tuxera:ntfs-3g:2016.2.22
-
cpe:2.3:a:tuxera:ntfs-3g:2017.3.23
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:fedoraproject:fedora:35