← Back

CVE-2019-5094

nvd nist
Published: Sep 24, 2019Modified: May 30, 2025

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD (Secondary)

Description

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Affected (13)

Show all products
E2fsprogs Project: E2fsprogs · Debian: Debian Linux · Fedoraproject: Fedora · Canonical: Ubuntu Linux · Netapp: Hci Management Node, Solidfire
E2fsprogs Project
1 product
E2fsprogs
Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Canonical
1 product
Ubuntu Linux
Netapp
2 products
Hci Management Node
Solidfire
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
E2fsprogs
From 1.43.3 to 1.45.3
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 30
Fedora
Version 31
Configuration D
5 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 19.04
Configuration E
2 vulnerable
Vulnerable SoftwareAffected Versions
Hci Management Node
All versions
Solidfire
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (20)

Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Source: talos-cna@cisco.com
Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.