libguestfs-winsupport is vulnerable to heap-based buffer overflow. An attacker can run /bin/ntfs-3g
with a malicious file, even causing local access escalation attack if the /bin/ntfs-3g
is a setuid-root binary.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHBA-2019:3723
access.redhat.com/errata/RHSA-2019:2308
access.redhat.com/errata/RHSA-2019:3345
access.redhat.com/security/updates/classification/#low
security.gentoo.org/glsa/202007-45
www.tuxera.com/community/release-history/