Lucene search
K

37 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to heap exhaustion in ntfsgetattributevalue in NTFS-3G from version 2021.8.22 onwards...

7.8CVSS7.2AI score0.00399EPSS
Exploits0References2
OSV
OSV
added 2026/04/25 5:50 a.m.6 views

OESA-2026-2104 ntfs-3g security update

NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. Security Fixes: A heap buff...

8.4CVSS5.8AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/04/21 10:16 p.m.9 views

ALPINE-CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

8.4CVSS5.6AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 10:16 p.m.7 views

CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

8.4CVSS0.00165EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.3 views

RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:2757)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2757 advisory. ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 QEMU: VNC: integer underflow in vncclientcuttextext leads to CPU exhaustion CVE-2022-3165...

7.8CVSS7.5AI score0.05552EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.27 views

CentOS 9 : libguestfs-winsupport-9.2-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libguestfs-winsupport-9.2-1.el9 build changelog. - ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+5123-2. NOTE: the upstream position is...

7.8CVSS7.7AI score0.00504EPSS
Exploits1References9
AlmaLinux
AlmaLinux
added 2023/05/16 12:0 a.m.71 views

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

7.8CVSS7.5AI score0.05552EPSS
Exploits1References16
RedHat Linux
RedHat Linux
added 2023/05/09 9:51 a.m.8 views

ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate

A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition...

7.8CVSS7.3AI score0.00431EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.4 views

SUSE CVE-2021-39252

A crafted NTFS image can cause an out-of-bounds read in ntfsielookup in NTFS-3G 2021.8.22...

7.8CVSS7.1AI score0.00426EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.6 views

SUSE CVE-2021-39259

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfsinodelookupbyname, in NTFS-3G 2021.8.22...

7.8CVSS6.6AI score0.00418EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfsnamesfullcollate in NTFS-3G through 2021.8.22...

6.4CVSS9AI score0.00431EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/05/26 12:0 a.m.2 views

CVE-2022-30789

A crafted NTFS image can cause a heap-based buffer overflow in ntfschecklogclientarray in NTFS-3G through 2021.8.22...

7AI score0.00431EPSS
Exploits0References9
CVE
CVE
added 2022/05/26 12:0 a.m.144 views

CVE-2022-30784

CVE-2022-30784 affects NTFS-3G up to and including 2021.8.22. A crafted NTFS image can cause a heap exhaustion in ntfs_get_attribute_value, with CVSSv3.1 vectors indicating LOCAL, LOW CWE, but HIGH confidentiality, integrity, and availability impact. The vulnerability is exposed via NTFS-3G’s FUS...

7.8CVSS7.3AI score0.00399EPSS
Exploits0References9Affected Software1
RedHat Linux
RedHat Linux
added 2022/05/10 1:24 p.m.5 views

ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i()

The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.7AI score0.00423EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.6 views

The vulnerability of the ntfs_ie_lookup function in the NTFS file system driver for the FUSE NTFS-3G module arises from the reading beyond the allowed buffer data limits. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ntfsielookup function in the NTFS file system driver for the FUSE NTFS-3G module relates to reading data from beyond the allowed limits of the buffer. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause...

7.8CVSS6.6AI score0.00426EPSS
Exploits0References11Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.5 views

The vulnerability of the `ntfs_extent inode_open` function in the NTFS file system driver for the FUSE NTFS-3G module, related to pointer swapping errors, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ntfsextent inodeopen function in the NTFS file system driver for the FUSE NTFS-3G module is related to pointer swapping errors. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures through th...

7.8CVSS6.6AI score0.00416EPSS
Exploits0References11Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.4 views

The vulnerability of the `ntfsattr_pwrite` function in the NTFS file system driver for the FUSE NTFS-3G module, related to an uncontrolled recursion, allows a hacker to cause a service failure.

The vulnerability of the ntfsattrpwrite function in the NTFS file system driver for the FUSE NTFS-3G module is related to an uncontrolled recursion. Exploiting this vulnerability could allow a attacker to cause a service failure by using a specially created NTFS image...

5.5CVSS6.6AI score0.00396EPSS
Exploits0References11Affected Software5
Microsoft CVE
Microsoft CVE
added 2021/12/16 8:0 a.m.6 views

A crafted NTFS image can trigger a heap-based buffer overflow caused by an unsanitized attribute in ntfs_get_attribute_value in NTFS-3G < 2021.8.22.

...

7.8CVSS8.5AI score0.00456EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/12/16 8:0 a.m.5 views

A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

...

7.8CVSS8.5AI score0.00418EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/12/16 8:0 a.m.5 views

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite) causing stack consumption in NTFS-3G < 2021.8.22.

...

5.5CVSS8.5AI score0.00396EPSS
Exploits0
Rows per page
Query Builder