ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. References: https://github.com/tuxera/ntfs-3g/issues/16 http://www.openwall.com/lists/oss-security/2022/05/26/1
Created ntfs-3g tracking bugs for this issue: Affects: epel-all [bug 2093362] Affects: fedora-all [bug 2093360] Created ntfs-3g-system-compression tracking bugs for this issue: Affects: epel-all [bug 2093363] Affects: fedora-all [bug 2093361] Created ntfs2btrfs tracking bugs for this issue: Affects: fedora-all [bug 2093359]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2179 https://access.redhat.com/errata/RHSA-2023:2179
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2757 https://access.redhat.com/errata/RHSA-2023:2757
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-46790