Vulnerabilities > CVE-2021-33287 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2021-09-07

Updated: 2023-11-07

Summary

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.

Vulnerable Configurations

Part	Description	Count
Application	Tuxera Tuxera Ntfs 3G - Tuxera Ntfs 3G 2009.1.1 Tuxera Ntfs 3G 2009.2.1 Tuxera Ntfs 3G 2009.3.8 Tuxera Ntfs 3G 2009.4.4 Tuxera Ntfs 3G 2009.11.14 Tuxera Ntfs 3G 2010.1.16 Tuxera Ntfs 3G 2010.3.6 Tuxera Ntfs 3G 2010.5.16 Tuxera Ntfs 3G 2010.5.22 Tuxera Ntfs 3G 2010.8.8 Tuxera Ntfs 3G 2010.10.2 Tuxera Ntfs 3G 2011.1.15 Tuxera Ntfs 3G 2011.4.12 Tuxera Ntfs 3G 2012.1.15 Tuxera Ntfs 3G 2013.1.13 Tuxera Ntfs 3G 2014.2.15 Tuxera Ntfs 3G 2015.3.14 Tuxera Ntfs 3G 2016.2.22 Tuxera Ntfs 3G 2017.3.23	20
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0	3
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 35	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References