Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 842222 (CVE-2021-46790) - <sys-fs/ntfs3g-2021.8.22-r4: heap buffer overflow in ntfsck
Summary: <sys-fs/ntfs3g-2021.8.22-r4: heap buffer overflow in ntfsck
Alias: CVE-2021-46790
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Depends on:
Reported: 2022-05-02 19:33 UTC by John Helmert III
Modified: 2022-05-03 01:11 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-02 19:33:29 UTC

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
Comment 1 Larry the Git Cow gentoo-dev 2022-05-02 21:18:02 UTC
The bug has been referenced in the following commit(s):

commit 5d92ff672b56bffd9333062940964bb79e228ead
Author:     Mike Gilbert <>
AuthorDate: 2022-05-02 21:16:13 +0000
Commit:     Mike Gilbert <>
CommitDate: 2022-05-02 21:16:13 +0000

    sys-fs/ntfs3g: disable "quarantined" utilities
    Upstream doesn't really support these programs. If someone really needs
    them, we can restore them behind a masked USE flag.
    Signed-off-by: Mike Gilbert <>

 sys-fs/ntfs3g/{ntfs3g-2021.8.22-r3.ebuild => ntfs3g-2021.8.22-r4.ebuild} | 1 -
 1 file changed, 1 deletion(-)
Comment 2 Mike Gilbert gentoo-dev 2022-05-02 21:18:52 UTC
The offending code has been dropped with a straight-to-stable revbump.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-03 01:11:12 UTC
All done, thanks!