CVE-2019-5094 — Out-of-bounds Write in Project E2fsprogs
Severity
6.7MEDIUMNVD
CNA7.5
EPSS
0.3%
top 43.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 24
Latest updateDec 14
Description
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages3 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 30, 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04
🔴Vulnerability Details
3GHSA▶
GHSA-3498-94v2-7qqw: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1↗2022-05-24
CVEList▶
CVE-2019-5094: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1↗2019-09-24
OSV▶
CVE-2019-5094: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1↗2019-09-24
📋Vendor Advisories
6Microsoft▶
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap resulting in cod↗2019-09-10