CVE-2019-5188

{"id": "CVE-2019-5188", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2020-01-08T16:15:11.500", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", "source": "talos-cna@cisco.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", "source": "talos-cna@cisco.com"}, {"url": "https://security.netapp.com/advisory/ntap-20220506-0001/", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://usn.ubuntu.com/4249-1/", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20220506-0001/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4249-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en la funcionalidad directory rehashing de E2fsprogs e2fsck versi\u00f3n 1.45.4. Un directorio ext4 especialmente dise\u00f1ado puede causar una escritura fuera de l\u00edmites en la pila, resultando en una ejecuci\u00f3n de c\u00f3digo. Un atacante puede corromper una partici\u00f3n para desencadenar esta vulnerabilidad."}], "lastModified": "2024-11-21T04:44:31.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:e2fsprogs_project:e2fsprogs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27544A8B-C500-4388-AF65-B3027E229DC5", "versionEndIncluding": "1.45.4", "versionStartIncluding": "1.43.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}