CVE-2019-5188

Public on 2020-01-08

Modified on 2021-01-13

Description

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Severity

Medium

See what this means

CVSS v3 Base Score

7.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	e2fsprogs	2021-01-12 22:51	ALAS-2021-1458
Amazon Linux 2 - Core	e2fsprogs	2020-10-22 17:27	ALAS2-2020-1509

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.5	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
NVD	CVSSv2	4.4	AV:L/AC:M/Au:N/C:P/I:P/A:P
NVD	CVSSv3	7.5	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

References

Red Hat: CVE-2019-5188 Mitre: CVE-2019-5188 FAQs regarding Amazon Linux ALAS/CVE Severity