FreeBSD: VID-8b61308b-322a-11ea-b34b-1de6fb24355d (CVE-2019-5188): e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: Jan 8, 2020
Added: Jan 12, 2020
Modified: Dec 10, 2025

Description

Lilith of Cisco Talos reports:

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Theodore Y. Ts'o reports:

E2fsprogs 1.45.5 [...:] Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)

Solution

freebsd-upgrade-package-e2fsprogs