RSS   Podatności dla 'Ntfs-3g'   RSS

2022-05-02
 
CVE-2021-46790

CWE-787
 

 
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.

 
2019-06-05
 
CVE-2019-9755

CWE-191
 

 
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

 
2018-04-13
 
CVE-2017-0358

CWE-269
 

 
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

 


Copyright 2024, cxsecurity.com

 

Back to Top