CVE-2019-5188

Published: 08 January 2020

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Priority

CVSS 3 base score: 6.7

Status

Package	Release	Status
e2fsprogs Launchpad, Ubuntu, Debian	Upstream	Released (1.45.5-1)


	Ubuntu 20.04 LTS (Focal Fossa)	Released (1.45.3-4ubuntu3)
	Ubuntu 18.04 LTS (Bionic Beaver)	Released (1.44.1-1ubuntu1.3)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (1.42.13-1ubuntu1.2)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.42.9-3ubuntu1.3+esm2)
	Patches: Upstream: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff Upstream: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

CVE-2019-5188

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading