CVE-2019-9755 — Integer Underflow (Wrap or Wraparound) in Ntfs-3g
Severity
7.0 HIGH (NVD)
EPSS
0.1%
top 71.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 5
Latest update: May 24
Description
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9
Affected Packages: 3 packages
Also affects: Enterprise Linux 8.0, 8.1, 8.2, 8.4
Vulnerability Details (3)
Vendor Advisories (4)
Microsoft
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to c (2019-06-11)
Debian
CVE-2019-9755: ntfs-3g - An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could p... (2019)
Community (3)
Bugzilla
CVE-2019-9755 ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (2019-03-22)
Bugzilla
CVE-2019-9755 ntfs-3g: heap-based buffer overflow leads to local root privilege escalation [fedora-all] (2019-03-22)
Bugzilla
CVE-2019-9755 ntfs-3g: heap-based buffer overflow leads to local root privilege escalation [epel-all] (2019-03-22)