cbcvebase.

Tuxera Ntfs-3G vulnerabilities

36 known vulnerabilities affecting tuxera/ntfs-3g.

Total CVEs
36
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH29MEDIUM6LOW1

Vulnerabilities

Page 2 of 2
CVE-2021-39260P3HIGHCVSS 7.8fixed in 2021.8.222021-09-07
CVE-2021-39260 [HIGH] CWE-787 CVE-2021-39260: A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NT A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
nvdosv
CVE-2022-30784P3HIGHCVSS 7.8≤ 2021.8.222022-05-26
CVE-2022-30784 [HIGH] CWE-120 CVE-2022-30784: A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8 A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
nvdosv
CVE-2021-39258P3HIGHCVSS 7.8fixed in 2021.8.222021-09-07
CVE-2021-39258 [HIGH] CWE-125 CVE-2021-39258: A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
nvdosv
CVE-2021-39259P3HIGHCVSS 7.8fixed in 2021.8.222021-09-07
CVE-2021-39259 [HIGH] CWE-787 CVE-2021-39259: A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.
nvdosv
CVE-2021-39252P3HIGHCVSS 7.8fixed in 2021.8.222021-09-07
CVE-2021-39252 [HIGH] CWE-125 CVE-2021-39252: A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
nvdosv
CVE-2021-39253P3HIGHCVSS 7.8fixed in 2021.8.222021-09-07
CVE-2021-39253 [HIGH] CWE-125 CVE-2021-39253: A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22 A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
nvdosv
CVE-2021-33287P3HIGHCVSS 7.8fixed in 2021.8.222021-09-07
CVE-2021-33287 [HIGH] CWE-787 CVE-2021-33287: In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntf In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
nvdosv
CVE-2021-39255P3HIGHCVSS 7.8fixed in 2021.8.222021-09-07
CVE-2021-39255 [HIGH] CWE-125 CVE-2021-39255: A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_ A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.
nvdosv
CVE-2021-39251P3HIGHCVSS 7.8fixed in 2021.8.222021-09-07
CVE-2021-39251 [HIGH] CWE-476 CVE-2021-39251: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 202 A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
nvdosv
CVE-2019-9755P4HIGHCVSS 7.0v2017.3.232019-06-05
CVE-2019-9755 [HIGH] CWE-191 CVE-2019-9755: An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit t An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, th
nvdosv
CVE-2022-30785P4MEDIUMCVSS 6.7≤ 2021.8.222022-05-26
CVE-2022-30785 [MEDIUM] CVE-2022-30785: A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary mem A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
nvdosv
CVE-2022-30787P4MEDIUMCVSS 6.7≤ 2021.8.222022-05-26
CVE-2022-30787 [MEDIUM] CWE-191 CVE-2022-30787: An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
nvdosv
CVE-2022-30783P4MEDIUMCVSS 6.7≤ 2021.8.222022-05-26
CVE-2022-30783 [MEDIUM] CWE-252 CVE-2022-30783: An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic betw An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
nvdosv
CVE-2021-39257P4MEDIUMCVSS 5.5fixed in 2021.8.222021-09-07
CVE-2021-39257 [MEDIUM] CWE-674 CVE-2021-39257: A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
nvdosv
CVE-2023-52890P4MEDIUMCVSS 4.5≥ 0, < 1:2017.3.23AR.3-4+deb11u4≥ 0, < 1:2022.10.3-1+deb12u1+1 more2024-06-13
CVE-2023-52890 [MEDIUM] CVE-2023-52890: NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.
osv
CVE-2007-5159P4MEDIUMCVSS 4.6≥ 0, < 1:1.913-22007-10-01
CVE-2007-5159 [MEDIUM] CVE-2007-5159: The ntfs-3g package before 1 The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
osv
Tuxera Ntfs-3G vulnerabilities | cvebase