Bug 1199139 - (CVE-2021-46790) VUL-0: CVE-2021-46790: ntfs-3g_ntfsprogs: heap overflow in ntfsck
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
Priority: P3 - Medium, Severity: Minor
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/330473/
CVSSv3.1:SUSE:CVE-2021-46790:5.7:(AV:...
Reported: 2022-05-03 07:42 UTC by Thomas Leroy
Modified: 2022-10-20 01:36 UTC
Found By: Security Response Team
Description Thomas Leroy 2022-05-03 07:42:28 UTC
CVE-2021-46790

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving
buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated;
however, it is shipped by some Linux distributions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
https://github.com/tuxera/ntfs-3g/issues/16
Comment 1 Thomas Leroy 2022-05-03 08:27:39 UTC
Should be affected:
- SUSE:SLE-12:Update
- SUSE:SLE-15:Update
- openSUSEFactory

The problem is that it doesn't seem that upstream will provide a fix...
Comment 2 Jia Zhaocong 2022-10-20 01:36:14 UTC
Cleaning up GNOME CVE backlog. The fix is now available upstream.