CVE-2019-9755

Name
CVE-2019-9755
Description
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Release Notes | https://www.tuxera.com/community/release-history/ |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:2308 |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:3345 |
| REDHAT | https://access.redhat.com/errata/RHBA-2019:3723 |
| GENTOO | https://security.gentoo.org/glsa/202007-45 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:tuxera:ntfs-3g:2017.3.23:*:*:*:*:*:*:* | ntfs-3g | == None | == 2017.3.23 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| ntfs-3g | 3.13-main | 2017.3.23-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| ntfs-3g | 3.12-main | 2017.3.23-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| ntfs-3g | 3.11-main | 2017.3.23-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| ntfs-3g | 3.10-main | 2017.3.23-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| ntfs-3g | 3.14-main | 2017.3.23-r3 | Natanael Copa <ncopa@alpinelinux.org> | fixed |