CVE-2021-33287

Name
CVE-2021-33287
Description
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC http://ntfs-3g.com
MISC https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
MISC http://tuxera.com
MLIST http://www.openwall.com/lists/oss-security/2021/08/30/1
DEBIAN https://www.debian.org/security/2021/dsa-4971
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:* ntfs-3g >= None < 2021.8.22

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ntfs-3g 3.14-main 2017.3.23-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ntfs-3g 3.13-main 2017.3.23-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ntfs-3g 3.12-main 2017.3.23-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ntfs-3g 3.11-main 2017.3.23-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable