{"containers": {"cna": {"affected": [{"product": "E2fsprogs", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.43.3 - 1.45.4"}]}], "descriptions": [{"lang": "en", "value": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-06T13:06:14", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "FEDORA-2020-a724cc7926", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/"}, {"name": "USN-4249-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4249-1/"}, {"name": "FEDORA-2020-01ed02451f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/"}, {"name": "openSUSE-SU-2020:0166", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html"}, {"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html"}, {"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220506-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5188", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "E2fsprogs", "version": {"version_data": [{"version_value": "1.43.3 - 1.45.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 7.5, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787: Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2020-a724cc7926", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/"}, {"name": "USN-4249-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4249-1/"}, {"name": "FEDORA-2020-01ed02451f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/"}, {"name": "openSUSE-SU-2020:0166", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html"}, {"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html"}, {"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html"}, {"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", "refsource": "CONFIRM", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973"}, {"name": "https://security.netapp.com/advisory/ntap-20220506-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220506-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.785Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2020-a724cc7926", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/"}, {"name": "USN-4249-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4249-1/"}, {"name": "FEDORA-2020-01ed02451f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/"}, {"name": "openSUSE-SU-2020:0166", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html"}, {"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html"}, {"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220506-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5188", "datePublished": "2020-01-08T15:45:09", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.785Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:e2fsprogs_project:e2fsprogs:*:*:*:*:*:*:*:*", "matchCriteriaId": "27544A8B-C500-4388-AF65-B3027E229DC5", "versionEndIncluding": "1.45.4", "versionStartIncluding": "1.43.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en la funcionalidad directory rehashing de E2fsprogs e2fsck versi\u00f3n 1.45.4. Un directorio ext4 especialmente dise\u00f1ado puede causar una escritura fuera de l\u00edmites en la pila, resultando en una ejecuci\u00f3n de c\u00f3digo. Un atacante puede corromper una partici\u00f3n para desencadenar esta vulnerabilidad."}], "id": "CVE-2019-5188", "lastModified": "2023-11-07T03:11:27.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2020-01-08T16:15:11.500", "references": [{"source": "talos-cna@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html"}, {"source": "talos-cna@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html"}, {"source": "talos-cna@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html"}, {"source": "talos-cna@cisco.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/"}, {"source": "talos-cna@cisco.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220506-0001/"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4249-1/"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4011", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "e2fsprogs-0:1.42.9-19.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:1913", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "e2fsprogs-0:1.45.4-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2021:0949", "cpe": "cpe:/a:redhat:openshift_do:1.0::el7", "package": "openshiftdo/odo-init-image-rhel7:1.1.3-2", "product_name": "Red Hat OpenShift Do", "release_date": "2021-03-22T00:00:00Z"}], "bugzilla": {"description": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", "id": "1790048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790048"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."], "name": "CVE-2019-5188", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "e2fsprogs", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "e2fsprogs", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2020-01-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-5188\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5188"], "threat_severity": "Moderate", "upstream_fix": "e2fsprogs 1.45.5"}