vulnerability
SUSE: CVE-2021-33285: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Sep 7, 2021 | Sep 8, 2021 | Oct 26, 2022 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Sep 7, 2021
Added
Sep 8, 2021
Modified
Oct 26, 2022
Description
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild.
Solutions
suse-upgrade-libntfs-3g-develsuse-upgrade-libntfs-3g84suse-upgrade-libntfs-3g87suse-upgrade-ntfs-3gsuse-upgrade-ntfsprogssuse-upgrade-ntfsprogs-extra
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.