PT-2021-5773 · Ntfs-3G+7 · Ntfs-3G+7

Published

2021-08-17

Updated

2024-06-15

CVE-2021-39255

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NTFS-3G versions prior to 2021.8.22

Description The issue is related to an out-of-bounds read in the ntfs attr find in attrdef function of the NTFS-3G file system driver. This can be triggered by a crafted NTFS image, allowing an attacker to access confidential data, compromise its integrity, and potentially cause a denial of service. The exploitation is caused by an invalid attribute in the ntfs attr find in attrdef function.

Recommendations For versions prior to 2021.8.22, update to version 2021.8.22 or later to resolve the issue. As a temporary workaround, consider restricting access to NTFS images from untrusted sources to minimize the risk of exploitation.

Fix

Out of bounds Read

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-20

Related Identifiers

ALSA-2022:1759

ALT-PU-2021-2673

ALT-PU-2021-2730

ALT-PU-2021-2767

ALT-PU-2022-2244

AZL-6760

BDU:2022-00222

CESA-2022_1759

CVE-2021-39255

DLA-2819-1

DSA-4971-1

GHSA-Q759-8J5V-Q5JP

MGASA-2022-0001

OESA-2021-1365

OPENSUSE-SU-2021:1244-1

OPENSUSE-SU-2021:2971-1

OPENSUSE-SU-2021_1244-1

OPENSUSE-SU-2021_2971-1

OPENSUSE-SU-2024:11101-1

RHSA-2021:3703

RHSA-2021:3704

RHSA-2022:1759

RHSA-2022_1759

RLSA-2022:1759

SUSE-SU-2021:2965-1

SUSE-SU-2021:2971-1

USN-5060-1

USN-5060-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Ntfs-3G

Red Hat

Rocky Linux

Suse

PT-2021-5773 · Ntfs-3G+7 · Ntfs-3G+7

CVE-2021-39255

Weakness Enumeration

Related Identifiers

Affected Products

References · 249