In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.

References

ntfs-3g.com

www.openwall.com/lists/oss-security/2021/08/30/1

github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp

lists.debian.org/debian-lts-announce/2021/11/msg00013.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/

security.gentoo.org/glsa/202301-01

www.debian.org/security/2021/dsa-4971

osv 23

nessus 18

slackware 1

debian 3

openvas 9

mageia 1

altlinux 1

suse 2

redhat 3

fedora 2

almalinux 1

gentoo 1

rocky 1

oraclelinux 1

nvd 13

alpinelinux 13

cvelist 12

prion 11

debiancve 13

cve 10

veracode 13

cnvd 12

redhatcve 9

cbl_mariner 13

ubuntucve 13

osv

CVE-2021-39256

2021-09-07 15:15:08

ntfs-3g - security update

2021-09-09 00:00:00

CVE-2021-39253

2021-09-07 15:15:07

nessus

Debian DLA-2819-1 : ntfs-3g - LTS security update

2021-11-17 00:00:00

Debian DSA-4971-1 : ntfs-3g - security update

2021-09-09 00:00:00

Slackware Linux 14.2 / current ntfs-3g Multiple Vulnerabilities (SSA:2021-243-01)

2021-09-02 00:00:00

slackware

[slackware-security] ntfs-3g

2021-08-31 21:01:05

debian

[SECURITY] [DSA 4971-1] ntfs-3g security update

2021-09-09 19:15:24

[SECURITY] [DSA 4971-1] ntfs-3g security update

2021-09-09 19:15:24

[SECURITY] [DLA 2819-1] ntfs-3g security update

2021-11-16 22:56:32

openvas

Debian: Security Advisory (DLA-2819-1)

2021-11-18 00:00:00

Debian: Security Advisory (DSA-4971-1)

2021-09-10 00:00:00

Mageia: Security Advisory (MGASA-2022-0001)

2022-01-28 00:00:00

mageia

Updated ntfs-3g packages fix security vulnerability

2022-01-03 10:36:40

altlinux

Security fix for the ALT Linux 9 package ntfs-3g version 2:2021.8.22-alt1

2021-09-10 00:00:00

suse

Security update for ntfs-3g_ntfsprogs (important)

2021-09-07 00:00:00

Security update for ntfs-3g_ntfsprogs (important)

2021-09-09 00:00:00

redhat

(RHSA-2021:3704) Moderate: virt:8.2 and virt-devel:8.2 security update

2021-09-30 18:28:50

(RHSA-2021:3703) Moderate: virt:av and virt-devel:av security and bug fix update

2021-09-30 16:19:56

(RHSA-2022:1759) Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

2022-05-10 07:59:57

fedora

[SECURITY] Fedora 33 Update: ntfs-3g-2021.8.22-2.fc33

2021-09-23 19:30:16

[SECURITY] Fedora 35 Update: ntfs-3g-2021.8.22-2.fc35

2021-09-24 20:50:50

almalinux

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

2022-05-10 07:59:57

gentoo

NTFS-3G: Multiple Vulnerabilities

2023-01-11 00:00:00

rocky

virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

2022-05-10 07:59:57

oraclelinux

virt:ol and virt-devel:ol security, bug fix, and enhancement update

2022-05-17 00:00:00

nvd

CVE-2021-39262

2021-09-07 15:15:08

CVE-2021-39263

2021-09-07 15:15:08

CVE-2021-39255

2021-09-07 15:15:08

alpinelinux

CVE-2021-39259

2021-09-07 15:15:00

CVE-2021-39262

2021-09-07 15:15:00

CVE-2021-39263

2021-09-07 15:15:00

cvelist

CVE-2021-39259

2021-09-07 00:00:00

CVE-2021-39263

2021-09-07 00:00:00

CVE-2021-39254

2021-09-07 00:00:00

prion

Out-of-bounds

2021-09-07 15:15:00

Heap overflow

2021-09-07 15:15:00

Heap overflow

2021-09-07 14:15:00

debiancve

CVE-2021-39262

2021-09-07 15:15:08

CVE-2021-39258

2021-09-07 15:15:08

CVE-2021-39254

2021-09-07 15:15:07

cve

CVE-2021-39262

2021-09-07 15:15:08

CVE-2021-39263

2021-09-07 15:15:08

CVE-2021-39256

2021-09-07 15:15:08

veracode

Remote Code Execution (RCE)

2021-09-07 20:27:36

Denial Of Service

2021-09-08 15:35:49

Denial Of Service

2021-09-08 15:35:43

cnvd

Tuxera NTFS-3G out-of-bounds read vulnerability

2021-09-08 00:00:00

Tuxera NTFS-3G integer overflow vulnerability

2021-09-08 00:00:00

Tuxera NTFS-3G has an unspecified vulnerability

2021-10-29 00:00:00

redhatcve

CVE-2021-39263

2021-09-06 18:04:18

CVE-2021-39257

2021-09-06 18:04:11

CVE-2021-39262

2021-09-06 18:04:22

cbl_mariner

CVE-2021-39263 affecting package ntfs-3g for versions less than 2021.8.22-1

2022-04-26 19:57:41

CVE-2021-39255 affecting package ntfs-3g for versions less than 2021.8.22-1

2022-04-26 19:57:41

CVE-2021-39254 affecting package ntfs-3g for versions less than 2021.8.22-1

2022-04-26 19:57:41

ubuntucve

CVE-2021-33287

2021-09-07 00:00:00

CVE-2021-33286

2021-09-07 00:00:00

CVE-2021-39254

2021-09-07 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

36.4%

JSON

Related for OSV:CVE-2021-35266