FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID / Description
2aa9967c-27e0-11e8-9ae1-080027ac955c e2fsprogs -- potential buffer overrun bugs in the blkid library and in the fsck program

Theodore Y. Ts'o reports:

Fixed some potential buffer overrun bugs in the blkid library and in the fsck program.


Discovery 2018-03-07
Entry 2018-03-14
e2fsprogs < 1.44.0

e2fsprogs-libblkid < 1.44.0

http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.0
a58f3fde-e4e0-11ec-8340-2d623369b8b5 e2fsprogs -- out-of-bounds read/write vulnerability

Nils Bars reports:

During the processing of [a specially fuzzed disk image], an out-of-bounds write is triggered and causes a segmentation fault (SIGSEGV).


Discovery 2022-03-24
Entry 2022-06-05
e2fsprogs < 1.46.5_1

e2fsprogs-nobootfsck < 1.46.5_1

e2fsprogs-roothardlinks < 1.46.5_1

CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2068113
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u
ad3451b9-23e0-11ea-8b36-f1925a339a82 e2fsprogs -- maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck

Ted Y. Ts'o reports:

Maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck.


Discovery 2019-09-23
Entry 2019-12-21
e2fsprogs < 1.45.4

http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4
CVE-2019-5094
8b61308b-322a-11ea-b34b-1de6fb24355d e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability

Lilith of Cisco Talos reports:

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Theodore Y. Ts'o reports:

E2fsprogs 1.45.5 [...:] Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)


Discovery 2019-12-18
Entry 2020-01-08
e2fsprogs < 1.45.5

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5
CVE-2019-5188
2a4bcd7d-bbb8-11e4-903c-080027ef73ec e2fsprogs -- potential buffer overflow in closefs()

Theodore Ts'o reports:

On a carefully crafted filesystem that gets modified through tune2fs or debugfs, it is possible to trigger a buffer overrun when the file system is closed via closefs().


Discovery 2015-02-06
Entry 2015-02-24
e2fsprogs < 1.42.12_2

http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
CVE-2015-1572