Out-of-bounds Write in e2fsprogs

Do your applications use this vulnerable package? Test your applications

Overview

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

References

ADVISORY
Debian Security Tracker
Fedora Security Update
Fedora Security Update
MLIST
MLIST
OpenSuse Security Announcement
Talos Vulnerability Report
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Local
Attack Complexity

Low
Privileges Required

High
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-5188
CWE: CWE-787
Snyk ID: SNYK-DEBIAN10-E2FSPROGS-540890
Disclosed: 08 Jan, 2020
Published: 07 Jan, 2020

Out-of-bounds Write
Affecting e2fsprogs package, versions <1.44.5-1+deb10u3

Overview

References

CVSS Score

Out-of-bounds Write Affecting e2fsprogs package, versions <1.44.5-1+deb10u3

Overview

References

Out-of-bounds Write
Affecting e2fsprogs package, versions <1.44.5-1+deb10u3