CVE-2019-5094

Published: 24/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 410
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.

Vulnerable Product

e2fsprogs project e2fsprogs

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 30

fedoraproject fedora 31

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

netapp solidfire -

netapp hci management node -

Vendor Advisories

Debian Bug report logs - #941139: CVE-2019-5094: malicious fs can cause buffer overrun in e2fsck. Package: src:e2fsprogs; Maintainer for src:e2fsprogs is Theodore Y Ts'o <tytso@mitedu>; Reported by: "Theodore Y Ts'o" <tytso@mitedu>; Date: Wed, 25 Sep 2019 15:42:01 UTC; Severity: grave; Tags: fixed-upstream, security, ...
e2fsprogs could be made to execute arbitrary code if it is running in a crafted ext4 partition ...
Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code. For the oldstable distribution (stretch), this problem has been fixed in version 1434-2+deb9u1. For the stable distribution ...
Synopsis: Moderate: e2fsprogs security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for e2fsprogs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin ...
Synopsis: Moderate: e2fsprogs security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for e2fsprogs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS ...
Synopsis: Low: OpenShift Container Platform 4340 security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update is now available for Red Hat OpenShift Container Platform 43. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring S ...
Synopsis: Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874). Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 36 runner release (CVE-2019-18874). Description: Updated python-psutil version to 566 inside ansible-runner container (CVE-20 ...
Synopsis: Important: Container-native Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Securi ...
Synopsis: Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874). Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 37 runner release (CVE-2019-18874). Description: Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...
Synopsis: Moderate: OpenShift Container Platform 461 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 46. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1453. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability (CVE-2019-5094). A code execution vulnerability exists in the director ...