In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur, allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bounds buffer access which can be triggered by mounting a crafted NTFS partition. The root cause is a missing consistency check after reading an MFT record: the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the record proceeds into the wild.
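The consistency check described above, as an added C example; it is not NTFS-3G's code or its patch. The function names, the constructed 64-byte record and the choice to accept "bytes_in_use" equal to "bytes_allocated" are assumptions of this example; the header offsets follow the on-disk NTFS MFT record layout.

```c
#include <stddef.h>
#include <stdint.h>

#define OFF_ATTRS   20u          /* u16: offset of the first attribute */
#define OFF_IN_USE  24u          /* u32: bytes_in_use */
#define OFF_ALLOC   28u          /* u32: bytes_allocated */
#define HDR_MIN     32u          /* header bytes this sketch reads */
#define ATTR_END    0xFFFFFFFFu  /* attribute list terminator */

/* Little-endian helpers, independent of host byte order. */
static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Header consistency check: 0 if the size fields can be trusted, -1 otherwise. */
int mft_record_check(const uint8_t *rec, size_t buflen)
{
    if (buflen < HDR_MIN) return -1;
    uint32_t in_use = rd32(rec + OFF_IN_USE), alloc = rd32(rec + OFF_ALLOC);
    uint32_t attrs = rd16(rec + OFF_ATTRS);
    if (alloc > buflen) return -1;              /* record claims more than the buffer holds */
    if (in_use > alloc) return -1;              /* the check the description says was missing */
    if (attrs < HDR_MIN || attrs > in_use) return -1;
    return 0;
}

/* Count attributes without ever reading past bytes_in_use; -1 if malformed. */
int mft_count_attrs(const uint8_t *rec, size_t buflen)
{
    if (mft_record_check(rec, buflen) != 0) return -1;
    uint32_t in_use = rd32(rec + OFF_IN_USE), pos = rd16(rec + OFF_ATTRS);
    for (int n = 0;; n++) {                     /* invariant: pos <= in_use */
        if (in_use - pos < 4) return -1;        /* no room for a type field */
        if (rd32(rec + pos) == ATTR_END) return n;
        if (in_use - pos < 8) return -1;        /* no room for a length field */
        uint32_t len = rd32(rec + pos + 4);
        if (len < 8 || len > in_use - pos) return -1;
        pos += len;
    }
}

/* Constructed 64-byte record: one 16-byte attribute at 32, terminator at 48. */
int sample_result(uint32_t in_use, uint32_t alloc)
{
    uint8_t rec[64] = {0};
    rec[OFF_ATTRS] = 32;
    wr32(rec + OFF_IN_USE, in_use); wr32(rec + OFF_ALLOC, alloc);
    wr32(rec + 32, 0x10); wr32(rec + 36, 16); wr32(rec + 48, ATTR_END);
    return mft_count_attrs(rec, sizeof rec);
}
```

`sample_result(56, 64)` walks the record and finds one attribute, while `sample_result(4096, 64)` is rejected before any attribute is read because the claimed "bytes_in_use" exceeds "bytes_allocated".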
Base Score: 6.9
Impact Score: 10
Exploitability Score: 3.4
Base Score: 7.8
Impact Score: 5.9
Exploitability Score: 1.8
| ID | Name | Product | Family |
|---|---|---|---|
| 153804 | RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:3704) | Nessus | Red Hat Local Security Checks |
| 153803 | RHEL 8 : virt:av and virt-devel:av (RHSA-2021:3703) | Nessus | Red Hat Local Security Checks |
| 153195 | openSUSE 15 Security Update : ntfs-3g_ntfsprogs (openSUSE-SU-2021:1244-1) | Nessus | SuSE Local Security Checks |
| 153182 | Debian DSA-4971-1 : ntfs-3g - security update | Nessus | Debian Local Security Checks |
| 153124 | SUSE SLED12 / SLES12 Security Update : ntfs-3g_ntfsprogs (SUSE-SU-2021:2965-1) | Nessus | SuSE Local Security Checks |
| 153122 | SUSE SLED15 / SLES15 Security Update : ntfs-3g_ntfsprogs (SUSE-SU-2021:2971-1) | Nessus | SuSE Local Security Checks |
| 153117 | openSUSE 15 Security Update : ntfs-3g_ntfsprogs (openSUSE-SU-2021:2971-1) | Nessus | SuSE Local Security Checks |
| 152969 | Slackware Linux 14.2 / current ntfs-3g Multiple Vulnerabilities (SSA:2021-243-01) | Nessus | Slackware Local Security Checks |