CVE-2019-5188 — Out-of-bounds Write in Project E2fsprogs
Severity
NVD: 6.7 MEDIUM
CNA: 7.5
EPSS
0.1%
top 79.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 8
Latest update: Dec 14
Description
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9
Affected Packages: 4 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 30, 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04, 19.10
🔴 Vulnerability Details (3)
GHSA
GHSA-qv2m-8j7x-p5c8: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1 (2022-05-24)
OSV
CVE-2019-5188: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1 (2020-01-08)
CVEList
CVE-2019-5188: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1 (2020-01-08)
📋 Vendor Advisories (5)
Microsoft
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack resulting in (2020-01-14)
Debian
CVE-2019-5188: e2fsprogs - A code execution vulnerability exists in the directory rehashing functionality o... (2019)