CVE-2022-1304: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
citrix	citrix_hypervisor	—	—
citrix	xenserver	—	—
debian	e2fsprogs	< e2fsprogs 1.46.6~rc1-1 (bookworm)	e2fsprogs 1.46.6~rc1-1 (bookworm)
e2fsprogs_project	e2fsprogs	—	—
e2fsprogs_project	e2fsprogs	—	—
e2fsprogs_project	e2fsprogs	>= 0 < 1.46.2-2+deb11u1	1.46.2-2+deb11u1
e2fsprogs_project	e2fsprogs	>= 0 < 1.46.6~rc1-1	1.46.6~rc1-1
e2fsprogs_project	e2fsprogs	>= 0 < 1.46.6~rc1-1	1.46.6~rc1-1
e2fsprogs_project	e2fsprogs	>= 0 < 1.46.6~rc1-1	1.46.6~rc1-1
fedoraproject	fedora	—	—
msrc	cbl2_e2fsprogs_1.46.5-3_on_cbl_mariner_2.0	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv7.8HIGH