CVE-2019-5188 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2019-5188?

CVE-2019-5188 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5188?

Check the references section above for vendor advisories and patch information. Affected products include: E2Fsprogs Project E2Fsprogs, Fedoraproject Fedora, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Leap.

Vulnerability Description

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
E2Fsprogs Project	E2Fsprogs	>= 1.43.3, <= 1.45.4
Fedoraproject	Fedora	30
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04
Opensuse	Leap	15.1
Netapp	Hci Compute Node Firmware	-
Netapp	Hci Compute Node	-
Netapp	Solidfire\, Enterprise Sds \& Hci Storage Node	-

Related Weaknesses (CWE)

CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00030.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00021.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.netapp.com/advisory/ntap-20220506-0001/Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973ExploitThird Party Advisory
https://usn.ubuntu.com/4249-1/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00030.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00021.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.netapp.com/advisory/ntap-20220506-0001/Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973ExploitThird Party Advisory

FAQ

What is CVE-2019-5188?

CVE-2019-5188 is a vulnerability with a CVSS score of 7.5 (HIGH). A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting i...

How severe is CVE-2019-5188?

CVE-2019-5188 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5188?

Check the references section above for vendor advisories and patch information. Affected products include: E2Fsprogs Project E2Fsprogs, Fedoraproject Fedora, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Leap.