CVE-2019-5188

Published: 08/01/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 393
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.

Vulnerable Product

e2fsprogs project e2fsprogs

fedoraproject fedora 30

fedoraproject fedora 31

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

canonical ubuntu linux 19.10

opensuse leap 15.1

netapp hci_compute_node_firmware -

netapp solidfire, enterprise sds & hci storage node -

Vendor Advisories

Debian Bug report logs - #948508 CVE-2019-5188: malicious fs can cause stack underflow in e2fsck. Package: e2fsprogs; Maintainer for e2fsprogs is Theodore Y. Ts'o <tytso@mit.edu>; Source for e2fsprogs is src:e2fsprogs (PTS, buildd, popcon). Reported by: "Theodore Y. Ts'o" <tytso@mit.edu> Date: Thu, 9 Jan 2020 16:03:02 ...
e2fsprogs could be made to execute arbitrary code if it was running in a crafted ext4 partition ...
Synopsis: Moderate: e2fsprogs security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for e2fsprogs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS ...
Synopsis: Low: OpenShift Container Platform 4.3.40 security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring S ...
Synopsis: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874). Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874). Description: Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-20 ...
Synopsis: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874). Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874). Description: Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2 ...
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094) A code execution vulnerability exists in the director ...