FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
a58f3fde-e4e0-11ec-8340-2d623369b8b5    e2fsprogs -- out-of-bounds read/write vulnerability

Nils Bars reports:

During the processing of [a specially fuzzed disk image], an out-of-bounds write is triggered and causes a segmentation fault (SIGSEGV).


Discovery 2022-03-24
Entry 2022-06-05
e2fsprogs < 1.46.5_1
e2fsprogs-nobootfsck < 1.46.5_1
e2fsprogs-roothardlinks < 1.46.5_1

CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2068113
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u
2aa9967c-27e0-11e8-9ae1-080027ac955c    e2fsprogs -- potential buffer overrun bugs in the blkid library and in the fsck program

Theodore Y. Ts'o reports:

Fixed some potential buffer overrun bugs in the blkid library and in the fsck program.


Discovery 2018-03-07
Entry 2018-03-14
e2fsprogs < 1.44.0
e2fsprogs-libblkid < 1.44.0

http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.0
8b61308b-322a-11ea-b34b-1de6fb24355d    e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability

Lilith of Cisco Talos reports:

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Theodore Y. Ts'o reports:

E2fsprogs 1.45.5 [...:] Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)


Discovery 2019-12-18
Entry 2020-01-08
e2fsprogs < 1.45.5

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5
CVE-2019-5188
ad3451b9-23e0-11ea-8b36-f1925a339a82    e2fsprogs -- maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck

Ted Y. Ts'o reports:

Maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck.


Discovery 2019-09-23
Entry 2019-12-21
e2fsprogs < 1.45.4

http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4
CVE-2019-5094