CVE-2021-33286

Advisory lineage Upstream: 0 Downstream: 12

Downstream

DEBIAN-CVE-2021-33286 DLA-2819-1 DSA-4971-1 MGASA-2022-0001 OPENSUSE-SU-2021:1244-1 OPENSUSE-SU-2021:2971-1

Modified

Published: 07 Sept 2021, 00:00

Last modified:03 Aug 2024, 23:42

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.13% LOW

0% probability -0.02%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Sept 2021, 00:00

Published

Vulnerability first disclosed

03 Aug 2024, 23:42

Last Modified

Vulnerability information updated

Description

In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.13%• Percentile: 32%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

debian•debian_linux
9.0 | 10.0 | 11.0
tuxera•ntfs-3g
< 2021.8.22