Ntfs 3g Tuxera Ntfs 3g

Do you want an email whenever new security vulnerabilities are reported in Tuxera Ntfs 3g?

By the Year

In 2024 there have been 0 vulnerabilities in Tuxera Ntfs 3g . Ntfs 3g did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 9 7.43
2021 21 7.69
2020 0 0.00
2019 1 7.00
2018 0 0.00

It may take a day or so for new Ntfs 3g vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Tuxera Ntfs 3g Security Vulnerabilities

A buffer overflow was discovered in NTFS-3G before 2022.10.3

CVE-2022-40284 7.8 - High - November 06, 2022

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

Classic Buffer Overflow

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.

CVE-2022-30783 6.7 - Medium - May 26, 2022

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.

Unchecked Return Value

A crafted NTFS image

CVE-2022-30784 7.8 - High - May 26, 2022

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

Classic Buffer Overflow

A file handle created in fuse_lib_opendir

CVE-2022-30785 6.7 - Medium - May 26, 2022

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

A crafted NTFS image

CVE-2022-30786 7.8 - High - May 26, 2022

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

Memory Corruption

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

CVE-2022-30787 6.7 - Medium - May 26, 2022

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

Integer underflow

A crafted NTFS image

CVE-2022-30788 7.8 - High - May 26, 2022

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

Memory Corruption

A crafted NTFS image

CVE-2022-30789 7.8 - High - May 26, 2022

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

Memory Corruption

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2

CVE-2021-46790 7.8 - High - May 02, 2022

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.

Memory Corruption

A crafted NTFS image

CVE-2021-39254 7.8 - High - September 07, 2021

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

Integer Overflow or Wraparound

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and

CVE-2021-33287 7.8 - High - September 07, 2021

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.

Memory Corruption

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow

CVE-2021-35266 7.8 - High - September 07, 2021

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.

Memory Corruption

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror

CVE-2021-35267 7.8 - High - September 07, 2021

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

Memory Corruption

A crafted NTFS image

CVE-2021-39251 7.8 - High - September 07, 2021

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.

NULL Pointer Dereference

A crafted NTFS image

CVE-2021-39253 7.8 - High - September 07, 2021

A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.

Out-of-bounds Read

A crafted NTFS image

CVE-2021-39256 7.8 - High - September 07, 2021

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.

Memory Corruption

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting

CVE-2021-39257 5.5 - Medium - September 07, 2021

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

Stack Exhaustion

A crafted NTFS image

CVE-2021-39258 7.8 - High - September 07, 2021

A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.

Out-of-bounds Read

In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and

CVE-2021-33286 7.8 - High - September 07, 2021

In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

Memory Corruption

A crafted NTFS image

CVE-2021-39259 7.8 - High - September 07, 2021

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.

Memory Corruption

A crafted NTFS image

CVE-2021-39260 7.8 - High - September 07, 2021

A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

Memory Corruption

A crafted NTFS image

CVE-2021-39261 7.8 - High - September 07, 2021

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.

Memory Corruption

A crafted NTFS image

CVE-2021-39262 7.8 - High - September 07, 2021

A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.

Memory Corruption

A crafted NTFS image

CVE-2021-39263 7.8 - High - September 07, 2021

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.

Memory Corruption

A crafted NTFS image

CVE-2021-39252 7.8 - High - September 07, 2021

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.

Out-of-bounds Read

A crafted NTFS image

CVE-2021-39255 7.8 - High - September 07, 2021

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.

Out-of-bounds Read

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur

CVE-2021-35269 7.8 - High - September 07, 2021

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

Memory Corruption

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur

CVE-2021-35268 7.8 - High - September 07, 2021

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

Memory Corruption

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur

CVE-2021-33285 7.8 - High - September 07, 2021

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild.

Memory Corruption

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and

CVE-2021-33289 7.8 - High - September 07, 2021

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

Memory Corruption

An integer underflow issue exists in ntfs-3g 2017.3.23

CVE-2019-9755 7 - High - June 05, 2019

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Server Tus or by Tuxera? Click the Watch button to subscribe.

Tuxera
Vendor

subscribe