PT-2020-6209 · E2Fsprogs+5 · E2Fsprogs+5

Published

2020-01-07

Updated

2023-06-28

CVE-2019-5188

CVSS v3.1

7.5

High

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions E2fsprogs e2fsck versions 1.43.3 through 1.45.4

Description A code execution issue exists in the directory rehashing functionality of E2fsprogs e2fsck. This is caused by an out-of-bounds write on the stack when processing a specially crafted ext4 directory, allowing an attacker to execute code by corrupting a partition. The vulnerability can also lead to unauthorized access to confidential data, disruption of data integrity, and denial of service.

Recommendations For versions 1.43.3 through 1.45.4, update to version 1.45.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the e2fsck utility until the update is applied. Avoid using e2fsck on potentially corrupted partitions until the issue is resolved.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-3390

ALT-PU-2023-2092

BDU:2021-03599

CESA-2020_1913

CESA-2020_4011

CVE-2019-5188

DLA-2156-1

DLA-2290-1

MGASA-2020-0039

OPENSUSE-SU-2020:0166-1

OPENSUSE-SU-2020_0166-1

RHSA-2020:1913

RHSA-2020:4011

RHSA-2020_1913

RHSA-2020_4011

SUSE-SU-2020:0265-1

SUSE-SU-2020:0360-1

SUSE-SU-2020_0265-1

SUSE-SU-2020_0360-1

USN-4249-1

Affected Products

Alt Linux

Centos

E2Fsprogs

Red Hat

Suse

Ubuntu

PT-2020-6209 · E2Fsprogs+5 · E2Fsprogs+5

CVE-2019-5188

Weakness Enumeration

Related Identifiers

Affected Products

References · 45