CVE-2019-5188

2020-01-0815:45:09

CWE-787

talos

www.cve.org

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

CNA Affected

[
  {
    "product": "E2fsprogs",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "1.43.3 - 1.45.4"
      }
    ]
  }
]