QwikSec

Security Database

CVE

CWE

Training

CVE-2019-5094

Published: Sep 24, 2019

Modified: May 30, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Vendor	Product	Versions
n/a	E2fsprogs	affected `E2fsprogs 1.43.3 - 1.45.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20190928 [SECURITY] [DLA 1935-1] e2fsprogs security update

mailing-list

x_refsource_MLIST

20190929 [SECURITY] [DSA 4535-1] e2fsprogs security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

FEDORA-2020-a724cc7926

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-01ed02451f

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20200115-0002/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.