PT-2022-3099 · E2Fsprogs+9 · E2Fsprogs+9

Borja Tarraso

Published

2022-03-24

Updated

2024-11-22

CVE-2022-1304

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions e2fsprogs version 1.46.5

Description The issue is related to an out-of-bounds read/write in the e2fsprogs utility set, which can lead to a segmentation fault and possibly allow an attacker to execute arbitrary code via a specially crafted filesystem.

Recommendations For e2fsprogs version 1.46.5, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALSA-2022:7720

ALSA-2022:8361

AZL-9407

BDU:2022-03769

CESA-2022_7720

CVE-2022-1304

DLA-3910-1

MGASA-2022-0384

OESA-2022-1719

OPENSUSE-SU-2022_1688-1

OPENSUSE-SU-2022_1718-1

RHSA-2022:7720

RHSA-2022:8361

RHSA-2022_7720

RHSA-2022_8361

RLSA-2022:7720

RLSA-2022:8361

ROSA-SA-2024-2453

SUSE-SU-2022:1652-1

SUSE-SU-2022:1688-1

SUSE-SU-2022:1695-1

SUSE-SU-2022:1718-1

SUSE-SU-2022_1652-1

SUSE-SU-2022_1688-1

SUSE-SU-2022_1695-1

SUSE-SU-2022_1718-1

USN-5464-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

E2Fsprogs

PT-2022-3099 · E2Fsprogs+9 · E2Fsprogs+9

CVE-2022-1304

Weakness Enumeration

Related Identifiers

Affected Products

References · 59