CVE-2021-35267
HIGHCVSS v3.1: 7.8 · EPSS: 0.0048 (37.9 percentile)
Source data as of:
At a glance
- Severity
- HIGH
- CVSS
- 7.8 v3.1 · NVD
- EPSS
- 0.0048 (37.9 percentile) · FIRST.org
- CISA KEV
- No
- Type
- Out-of-bounds Write · NVD CWE
- Attack conditions (CVSS vector)
- No user interaction · Source: NVD Vector
- Affected vendors
- debian, tuxera, fedoraproject
- Published
- 2021-09-07 · Modified: 2026-07-05
- References
- Jump to references (8)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Reference http://www.openwall.com/lists/oss-security/2021/08/30/1
- Vendor advisory https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- Distro https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
- Distro https://lists.fedoraproject.org/archives/list/[email protected]/mes…
- Distro https://lists.fedoraproject.org/archives/list/[email protected]/mes…
- Distro https://security.gentoo.org/glsa/202301-01
- Distro https://www.debian.org/security/2021/dsa-4971
- Reference http://ntfs-3g.com