Lucene search

Veracode Vulnerability DatabaseVERACODE:21154

HistoryAug 08, 2019 - 12:08 a.m.

Buffer Overflows And Privilege Escalation

2019-08-0800:08:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

libguestfs-winsupport is vulnerable to heap-based buffer overflow. An attacker can run /bin/ntfs-3g with a malicious file, even causing local access escalation attack if the /bin/ntfs-3g is a setuid-root binary.

CPENameOperatorVersion
libguestfs-winsupporteq7.1__4.el7
ntfs-3g:edgeeq2017.3.23-r1
libguestfs-winsupporteq7.1__4.el7
ntfs-3g:edgeeq2017.3.23-r1

Name	Operator	Version
libguestfs-winsupport	eq	7.1__4.el7
ntfs-3g:edge	eq	2017.3.23-r1
libguestfs-winsupport	eq	7.1__4.el7
ntfs-3g:edge	eq	2017.3.23-r1

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

access.redhat.com/errata/RHBA-2019:3723

access.redhat.com/errata/RHSA-2019:2308

access.redhat.com/errata/RHSA-2019:3345

access.redhat.com/security/updates/classification/#low

security.gentoo.org/glsa/202007-45

www.tuxera.com/community/release-history/

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for VERACODE:21154