system/e2fsprogs: CVE-2019-5094: buffer overflow in e2fsck quota handling
| Bugzilla ID | 204 |
| Alias(es) | CVE-2019-5094 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-09-25 16:44:29 -0500 |
| Modified | 2019-09-30 15:01:41 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-5094 |
Description
An exploitable code execution vulnerability exists in the quota file
functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition
can cause an out-of-bounds write on the heap, resulting in code
execution. An attacker can corrupt a partition to trigger this
vulnerability.