CVE-2020-6108

2020-10-1514:45:32

CWE-131

talos

www.cve.org

exploitable

code execution

vulnerability

f2fs-tools

heap buffer overflow

filesystem

attacker

malicious file

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

40.1%

JSON

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "product": "F2fs-Tools",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "F2fs-Tools F2fs.Fsck 1.13"
      }
    ]
  }
]