CVE-2021-39255

EPSS 0.03%
Veröffentlicht 07.09.2021 15:15:08
Zuletzt bearbeitet 02.12.2025 22:16:06
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tuxera ≫ Ntfs-3g Version < 2021.8.22

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.061

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/202301-01

Third Party Advisory

https://www.debian.org/security/2021/dsa-4971

Third Party Advisory

https://github.com/tuxera/ntfs-3g/releases

Third Party Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-39255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39255

EUVD