CVE-2019-5094

CVE-2019-5094

Name

CVE-2019-5094

Description

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
Third Party Advisory	https://www.debian.org/security/2019/dsa-4535
Mailing List	https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html
Mailing List	https://seclists.org/bugtraq/2019/Sep/58
Third Party Advisory	https://usn.ubuntu.com/4142-2/
Third Party Advisory	https://usn.ubuntu.com/4142-1/
Third Party Advisory	https://security.netapp.com/advisory/ntap-20200115-0002/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/
Third Party Advisory	https://security.gentoo.org/glsa/202003-05
talos-cna@cisco.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/
talos-cna@cisco.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/

Type

URI

Exploit

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887

Third Party Advisory

https://www.debian.org/security/2019/dsa-4535

Mailing List

https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html

Mailing List

https://seclists.org/bugtraq/2019/Sep/58

Third Party Advisory

https://usn.ubuntu.com/4142-2/

Third Party Advisory

https://usn.ubuntu.com/4142-1/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200115-0002/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/

Third Party Advisory

https://security.gentoo.org/glsa/202003-05

talos-cna@cisco.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/

talos-cna@cisco.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:e2fsprogs_project:e2fsprogs::::::::`	e2fsprogs	>= 1.43.3	<= 1.45.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:e2fsprogs_project:e2fsprogs:*:*:*:*:*:*:*:*

e2fsprogs

>= 1.43.3

<= 1.45.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
e2fsprogs	edge-main	1.45.4-r0	None	fixed
e2fsprogs	3.22-main	1.45.4-r0	None	fixed
e2fsprogs	3.21-main	1.45.4-r0	None	fixed
e2fsprogs	3.20-main	1.45.4-r0	None	fixed
e2fsprogs	3.19-main	1.45.4-r0	None	fixed
e2fsprogs	3.18-main	1.45.4-r0	None	fixed
e2fsprogs	3.17-main	1.45.4-r0	None	fixed
e2fsprogs	3.12-main	1.45.4-r0	None	fixed
e2fsprogs	3.11-main	1.45.4-r0	None	fixed
e2fsprogs	3.10-main	1.45.2-r1	None	fixed

Source package

Branch

Version

Maintainer

Status

e2fsprogs

edge-main

1.45.4-r0

None

fixed

e2fsprogs

3.22-main