Out-of-bounds Write in e2fsprogs

Do your applications use this vulnerable package? Test your applications

Overview

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

References

ADVISORY
Bugtraq Mailing List
CONFIRM
Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
FEDORA
FEDORA
GENTOO
Talos Vulnerability Report
UBUNTU
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Local
Attack Complexity

Low
Privileges Required

High
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-5094
CWE: CWE-787
Snyk ID: SNYK-UBUNTU1604-E2FSPROGS-469083
Disclosed: 24 Sep, 2019
Published: 24 Sep, 2019

Out-of-bounds Write
Affecting e2fsprogs package, versions <1.42.13-1ubuntu1.1

Overview

References

CVSS Score

Out-of-bounds Write Affecting e2fsprogs package, versions <1.42.13-1ubuntu1.1

Overview

References

Out-of-bounds Write
Affecting e2fsprogs package, versions <1.42.13-1ubuntu1.1