CVE-2015-0247 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project E2fsprogs
Severity
4.6MEDIUMNVD
EPSS
0.4%
top 39.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 17
Latest updateMay 17
Description
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
CVSS vector
AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4
Affected Packages3 packages
Also affects: Debian Linux 7.0, Fedora 20, 21, Ubuntu Linux 10.04, 12.04, 14.04, 14.10
🔴Vulnerability Details
7📋Vendor Advisories
5Red Hat▶
e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)↗2015-02-05
Debian▶
CVE-2015-0247: e2fsprogs - Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs bef...↗2015
Debian▶
CVE-2015-1572: e2fsprogs - Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs be...↗2015
💬Community
3Bugzilla▶
CVE-2015-1572 e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)↗2015-02-18
Bugzilla▶
CVE-2015-0247 e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002) [fedora-all]↗2015-02-05
Bugzilla▶
CVE-2015-0247 e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)↗2015-01-29