FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8b61308b-322a-11ea-b34b-1de6fb24355de2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability

Lilith of Cisco Talos reports:

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Theodore Y. Ts'o reports:

E2fsprogs 1.45.5 [...:] Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)


Discovery 2019-12-18
Entry 2020-01-08
e2fsprogs
< 1.45.5

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5
CVE-2019-5188