#VU64092 Heap-based buffer overflow in NTFS-3G - CVE-2021-46790


Vulnerability identifier: #VU64092

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46790

CWE-ID: CWE-122

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
NTFS-3G
Universal components / Libraries / Libraries used by multiple products

Vendor: Tuxera

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the ntfsck in NTFS-3G when processing specially crafted NTFS filesystem. A local user can mount a malicious NTFS filesystem, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

NTFS-3G: 1.0 - 2021.8.14

External links
https://github.com/tuxera/ntfs-3g/issues/16
https://www.openwall.com/lists/oss-security/2022/05/26/1
https://bugzilla.redhat.com/show_bug.cgi?id=2093358

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Slackware Linux update for ntfs-3g
Red Hat Enterprise Linux 8 update for the virt:rhel and virt-devel:rhel modules
Red Hat Enterprise Linux 9 update for libguestfs-winsupport
Multiple vulnerabilities in Oracle Linux
SUSE update for ntfs-3g_ntfsprogs
SUSE update for ntfs-3g_ntfsprogs
Fedora EPEL 9 update for ntfs-3g
Fedora EPEL 7 update for ntfs-3g
Fedora EPEL 8 update for ntfs-3g
Debian update for ntfs-3g