Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 842222 (CVE-2021-46790)

Summary: <sys-fs/ntfs3g-2021.8.22-r4: heap buffer overflow in ntfsck
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: base-system, chutzpah
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/tuxera/ntfs-3g/issues/16
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-02 19:33:29 UTC
CVE-2021-46790:

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
Comment 1 Larry the Git Cow gentoo-dev 2022-05-02 21:18:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d92ff672b56bffd9333062940964bb79e228ead

commit 5d92ff672b56bffd9333062940964bb79e228ead
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-05-02 21:16:13 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-05-02 21:16:13 +0000

    sys-fs/ntfs3g: disable "quarantined" utilities
    
    Upstream doesn't really support these programs. If someone really needs
    them, we can restore them behind a masked USE flag.
    
    Bug: https://bugs.gentoo.org/842222
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-fs/ntfs3g/{ntfs3g-2021.8.22-r3.ebuild => ntfs3g-2021.8.22-r4.ebuild} | 1 -
 1 file changed, 1 deletion(-)
Comment 2 Mike Gilbert gentoo-dev 2022-05-02 21:18:52 UTC
The offending code has been dropped with a straight-to-stable revbump.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-03 01:11:12 UTC
All done, thanks!