CVE-2022-1304 — Out-of-bounds Read in Project E2fsprogs

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write10 documents10 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 27.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

E2fsprogs Project E2fsprogs Fedoraproject Fedora Redhat Enterprise Linux

Timeline

PublishedApr 14

Latest updateMar 16

Description

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debiane2fsprogs_project/e2fsprogs< 1.46.2-2+deb11u1+3

▶CVEListV5e2fsprogs_project/e2fsprogse2fsprogs 1.46.5

▶NVDe2fsprogs_project/e2fsprogs1.46.5

Also affects: Fedora 35, Enterprise Linux 6.0, 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-jrv4-gggm-r53c: An out-of-bounds read/write vulnerability was found in e2fsprogs 1↗2022-04-15

▶

CVEList

CVE-2022-1304: An out-of-bounds read/write vulnerability was found in e2fsprogs 1↗2022-04-14

▶

OSV

CVE-2022-1304: An out-of-bounds read/write vulnerability was found in e2fsprogs 1↗2022-04-14

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE, RUGGEDCOM Third-Party↗2023-03-16

▶

Oracle

Oracle Oracle Communications Risk Matrix: Oracle Linux (e2fsprogs) — CVE-2022-1304↗2023-01-15

▶

Ubuntu

e2fsprogs vulnerability↗2022-06-07

▶

Microsoft

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.↗2022-04-12

▶

Red Hat

e2fsprogs: out-of-bounds read/write via crafted filesystem↗2022-03-24

▶