Vulnerabilities

1 via 4 paths

Dependencies

136

Source

Docker

Target OS

ubuntu:19.04

medium severity

Out-of-bounds Write

  • Vulnerable module: e2fsprogs
  • Introduced through: e2fsprogs@1.44.6-1ubuntu0.1, e2fsprogs/libcom-err2@1.44.6-1ubuntu0.1 and others
  • Fixed in: 1.44.6-1ubuntu0.2

Detailed paths

  • Introduced through: buildpack-deps@disco-curl → e2fsprogs@1.44.6-1ubuntu0.1
  • Introduced through: buildpack-deps@disco-curl → e2fsprogs/libcom-err2@1.44.6-1ubuntu0.1
  • Introduced through: buildpack-deps@disco-curl → e2fsprogs/libext2fs2@1.44.6-1ubuntu0.1
  • Introduced through: buildpack-deps@disco-curl → e2fsprogs/libss2@1.44.6-1ubuntu0.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream e2fsprogs package and not to the e2fsprogs package as distributed by Ubuntu. See the Remediation section for the fixed versions and status relevant to Ubuntu:19.04.

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Remediation

Upgrade Ubuntu:19.04 e2fsprogs to version 1.44.6-1ubuntu0.2 or higher.
