Descriptionntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ntfs-3g (PTS)stretch1:2016.2.22AR.1+dfsg-1+deb9u1vulnerable
stretch (security)1:2016.2.22AR.1+dfsg-1+deb9u2vulnerable
buster, buster (security)1:2017.3.23AR.3-3+deb10u1vulnerable
bullseye (security), bullseye1:2017.3.23AR.3-4+deb11u1vulnerable
bookworm, sid1:2021.8.22-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


Search for package or bug name: Reporting problems