Vulnerabilities > CVE-2021-35266 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2021-09-07

Updated: 2023-11-07

Summary

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.

Vulnerable Configurations

Part	Description	Count
Application	Tuxera Tuxera Ntfs 3G - Tuxera Ntfs 3G 2009.1.1 Tuxera Ntfs 3G 2009.2.1 Tuxera Ntfs 3G 2009.3.8 Tuxera Ntfs 3G 2009.4.4 Tuxera Ntfs 3G 2009.11.14 Tuxera Ntfs 3G 2010.1.16 Tuxera Ntfs 3G 2010.3.6 Tuxera Ntfs 3G 2010.5.16 Tuxera Ntfs 3G 2010.5.22 Tuxera Ntfs 3G 2010.8.8 Tuxera Ntfs 3G 2010.10.2 Tuxera Ntfs 3G 2011.1.15 Tuxera Ntfs 3G 2011.4.12 Tuxera Ntfs 3G 2012.1.15 Tuxera Ntfs 3G 2013.1.13 Tuxera Ntfs 3G 2014.2.15 Tuxera Ntfs 3G 2015.3.14 Tuxera Ntfs 3G 2016.2.22 Tuxera Ntfs 3G 2017.3.23 Tuxera Ntfs 3G 2021.8.22	21
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0	3
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 35	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References