system/e2fsprogs: CVE-2019-5094: buffer overflow in e2fsck quota handling
Bugzilla ID | 204 |
Alias(es) | CVE-2019-5094 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-09-25 16:44:29 -0500 |
Modified | 2019-09-30 15:01:41 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-5094 |
Description
An exploitable code execution vulnerability exists in the quota file
functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition
can cause an out-of-bounds write on the heap, resulting in code
execution. An attacker can corrupt a partition to trigger this
vulnerability.