CVE-2015-1572 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project E2fsprogs

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow10 documents8 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 69.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

E2fsprogs Project E2fsprogs Canonical Ubuntu Linux Debian Linux

Timeline

PublishedFeb 24

Latest updateMay 17

Description

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶Debiane2fsprogs_project/e2fsprogs< 1.42.12-1.1+3

▶Ubuntue2fsprogs_project/e2fsprogs< 1.42.9-3ubuntu1.2

▶NVDe2fsprogs_project/e2fsprogs1.42.11

Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-6f5v-c85c-6x7f: Heap-based buffer overflow in closefs↗2022-05-17

▶

OSV

CVE-2015-1572: Heap-based buffer overflow in closefs↗2015-02-24

▶

CVEList

CVE-2015-1572: Heap-based buffer overflow in closefs↗2015-02-24

▶

OSV

e2fsprogs vulnerabilities↗2015-02-23

▶

📋Vendor Advisories

Ubuntu

e2fsprogs vulnerabilities↗2015-02-23

▶

Red Hat

e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)↗2015-02-11

▶

Debian

CVE-2015-1572: e2fsprogs - Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs be...↗2015

▶

💬Community

Bugzilla

CVE-2015-1572 e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)↗2015-02-18

▶

Bugzilla

CVE-2015-1572 e2fsprogs: potential buffer overflow in closefs() [fedora-all]↗2015-02-18

▶