alpine / aports, issue #11133
Closed
Issue created Jan 15, 2020 by Alicha CH (@alicha, Reporter)

e2fsprogs: Out-of-bounds write in e2fsck/rehash.c (CVE-2019-5188)

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Fixed In Version:

e2fsprogs 1.45.5

References:

  • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
  • https://nvd.nist.gov/vuln/detail/CVE-2019-5188

Patches:

  • https://github.com/tytso/e2fsprogs/commit/8dd73c149f418238f19791f9d666089ef9734dff
  • https://github.com/tytso/e2fsprogs/commit/71ba13755337e19c9a826dfc874562a36e1b24d3

Affected branches:

  • master (d8efadc5)
  • 3.11-stable (96134951)
  • 3.10-stable (2ed804fc)
  • 3.9-stable (948fd324)
  • 3.8-stable (18b5cab2)
Edited Jan 20, 2020 by Natanael Copa