7.8

CVE-2021-39251

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.

Data is provided by the National Vulnerability Database (NVD)
TuxeraNtfs-3g Version < 2021.8.22
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0 SwEdition-
RedhatEnterprise Linux Version8.0 SwEditionadvanced_virtualization
FedoraprojectFedora Version33
FedoraprojectFedora Version35
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.037
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
Third Party Advisory
Mailing List
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2001649
Third Party Advisory
Issue Tracking
https://github.com/tuxera/ntfs-3g/releases
Third Party Advisory
Release Notes