{"vulnerability": "CVE-2021-33285", "sightings": [{"uuid": "8fe25ac9-51c5-4bf4-98e3-25c7200f8267", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33285", "type": "seen", "source": "https://t.me/cibsecurity/28354", "content": "\u203c CVE-2021-33285 \u203c\n\nIn Tuxera ntfs-3g versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the \"bytes_in_use\" field should be less than the \"bytes_allocated\" field. When it is not, the parsing of the records proceeds into the wild.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-07T18:17:19.000000Z"}]}