CVE-2019-5188

CVE	CVE-2019-5188
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-01-08 16:15:00 UTC
Updated	2023-11-07 03:11:00 UTC
Description	A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Problem Types: CWE-787

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	19.04	All	All	All
Operating System	Canonical	Ubuntu Linux	19.10	All	All	All
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	19.04	All	All	All
Operating System	Canonical	Ubuntu Linux	19.10	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	E2fsprogs Project	E2fsprogs	All	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Operating System	Fedoraproject	Fedora	31	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Operating System	Fedoraproject	Fedora	31	All	All	All
Hardware	Netapp	Hci Compute Node	-	All	All	All
Operating System	Netapp	Hci Compute Node Firmware	-	All	All	All
Application	Netapp	Solidfire Enterprise Sds Hci Storage Node	-	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All

Reference	Source	Link	Tags
[SECURITY] [DLA 2156-1] e2fsprogs security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
USN-4249-1: e2fsprogs vulnerability \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com	Third Party Advisory
[SECURITY] Fedora 30 Update: e2fsprogs-1.44.6-2.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
TALOS-2019-0973 \|\| Cisco Talos Intelligence Group - Comprehensive Threat Intelligence	CONFIRM	talosintelligence.com	Exploit, Third Party Advisory
[security-announce] openSUSE-SU-2020:0166-1: moderate: Security update f	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
[SECURITY] Fedora 31 Update: e2fsprogs-1.45.5-1.fc31 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 31 Update: e2fsprogs-1.45.5-1.fc31 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Third Party Advisory
[SECURITY] Fedora 30 Update: e2fsprogs-1.44.6-2.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Third Party Advisory
[SECURITY] [DLA 2290-1] e2fsprogs security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
CVE-2019-5188 E2fsprogs Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

377536 Alibaba Cloud Linux Security Update for e2fsprogs (ALINUX2-SA-2020:0152)
500171 Alpine Linux Security Update for e2fsprogs
503906 Alpine Linux Security Update for e2fsprogs
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
900188 CBL-Mariner Linux Security Update for e2fsprogs 1.44.6
903332 Common Base Linux Mariner (CBL-Mariner) Security Update for e2fsprogs (3726)