The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
Base Score: 6.9
Impact Score: 10
Exploitability Score: 3.4
Base Score: 7.8
Impact Score: 5.9
Exploitability Score: 1.8
|153804||RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:3704)||Nessus||Red Hat Local Security Checks|
|153803||RHEL 8 : virt:av and virt-devel:av (RHSA-2021:3703)||Nessus||Red Hat Local Security Checks|
|153182||Debian DSA-4971-1 : ntfs-3g - security update||Nessus||Debian Local Security Checks|
|152969||Slackware Linux 14.2 / current ntfs-3g Multiple Vulnerabilities (SSA:2021-243-01)||Nessus||Slackware Local Security Checks|