CVE-2021-46790

Published: 2 May 2022

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.

Notes

Author: mdeslaur
Note: The ntfsck tool is in the ntfs-3g-dev binary package, which isn't normally installed, and per upstream "ntfsck does nothing useful, it has been put into the quarantine section, and the distributions should not use it." Setting priority to low.

Priority

Low

CVSS 3 base score: 7.8

Status

Package: ntfs-3g (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (1:2017.3.23-2ubuntu0.18.04.4)
focal      Released (1:2017.3.23AR.3-3ubuntu1.2)
impish     Released (1:2017.3.23AR.3-3ubuntu5.1)
jammy      Released (1:2021.8.22-3ubuntu1.1)
trusty     Released (1:2013.1.13AR.1-2ubuntu2+esm2)
upstream   Released (2022.5.17)
xenial     Released (1:2015.3.14AR.1-1ubuntu0.3+esm2)

Patches:
upstream: https://github.com/tuxera/ntfs-3g/commit/96412e28e5c7ac2d15f1cff8c825330bbb60976e