QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-5188

Back to search

CVE-2019-5188

Published: Jan 8, 2020

Modified: May 30, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

VendorProductVersions

n/a

E2fsprogs

affected
1.43.3 - 1.45.4

Weaknesses (CWE)

CWE-787

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

FEDORA-2020-a724cc7926
vendor-advisory
x_refsource_FEDORA
USN-4249-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2020-01ed02451f
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2020:0166
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now