CVE-2019-5094

CVSS v3.1

7.5

High

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions E2fsprogs version 1.45.3

Description The issue is related to a code execution vulnerability in the quota file functionality of E2fsprogs, which can be triggered by a specially crafted ext4 partition. This can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can exploit this by corrupting a partition.

Recommendations For E2fsprogs version 1.45.3, consider updating to a newer version that contains a fix for this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-3390

ALT-PU-2023-2092

BDU:2019-04671

CESA-2020_1913

CESA-2020_4011

CVE-2019-5094

DLA-1935-1

DSA-4535-1

MGASA-2019-0296

OPENSUSE-SU-2024:10731-1

RHSA-2020:1913

RHSA-2020:4011

RHSA-2020_1913

RHSA-2020_4011

SUSE-RU-2019:2676-1

SUSE-RU-2019:2677-1

USN-4142-1

USN-4142-2

Affected Products

Alt Linux

Centos

E2Fsprogs

Red Hat

Ubuntu

CVE-2019-5094

Weakness Enumeration

Related Identifiers

Affected Products

References · 72