Lucene search

[email protected]CVE-2019-5188

HistoryJan 08, 2020 - 4:15 p.m.

CVE-2019-5188

2020-01-0816:15:11

CWE-787

[email protected]

web.nvd.nist.gov

247

cve-2019-5188

code execution

directory rehashing

e2fsprogs

e2fsck

vulnerability

ext4

stack

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Affected configurations

NVD

Node

e2fsprogs_projecte2fsprogsRange1.43.3–1.45.4

Node

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

canonicalubuntu_linuxMatch19.10

Node

opensuseleapMatch15.1

Node

netapphci_compute_node_firmwareMatch-

AND

netapphci_compute_nodeMatch-

Node

netappsolidfire\,_enterprise_sds_\&_hci_storage_nodeMatch-

CPENameOperatorVersion
e2fsprogs_project:e2fsprogse2fsprogs project e2fsprogsle1.45.4

CPE	Name	Operator	Version
e2fsprogs_project:e2fsprogs	e2fsprogs project e2fsprogs	le	1.45.4

CNA Affected

[
  {
    "product": "E2fsprogs",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "1.43.3 - 1.45.4"
      }
    ]
  }
]