CVE-2024-50247

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 9, 2024

Updated: Nov 13, 2024

CWE ID 125

Summary

CVE-2024-50247 is a vulnerability affecting the Linux kernel's NFS (Network File System) module for handling NTFS (New Technology File System) files. The issue lies in the fs/ntfs3 component, which fails to properly check the size of data being decompressed using LZNT1 compression. An incorrectly formatted chunk may result in more data being decompressed than intended, leading to an index out of bounds condition. This could potentially allow an attacker to manipulate data and execute unintended code, resulting in a security vulnerability. The issue has been resolved.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zuYCB4
https://www.cve.org/CVERecord?id=CVE-2024-50247
https://nvd.nist.gov/vuln/detail/CVE-2024-50247

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-50247

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations