CVE-2021-33285
- EPSS 0.03%
- Veröffentlicht 07.09.2021 14:15:11
- Zuletzt bearbeitet 03.12.2025 15:15:49
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out...
- EPSS 0.11%
- Veröffentlicht 05.06.2019 15:29:03
- Zuletzt bearbeitet 21.11.2024 04:52:14
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash ...
CVE-2017-0358
- EPSS 8.33%
- Veröffentlicht 13.04.2018 15:29:00
- Zuletzt bearbeitet 04.12.2025 16:15:48
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege esca...