What is CVE-2019-5188?

CVE-2019-5188 is a code execution vulnerability in the directory rehashing functionality of E2fsprogs e2fsck 1.

How does CVE-2019-5188 affect IBM Security Guardium?

IBM Security Guardium versions up to 11.3 are affected by CVE-2019-5188.

Is Debian Debian Linux impacted by CVE-2019-5188?

Yes, Debian Debian Linux versions 8.0 and 9.0 are impacted by CVE-2019-5188.

What is the severity of CVE-2019-5188?

CVE-2019-5188 has a severity rating of 7.5 (high).

Where can I find more information about CVE-2019-5188?

You can find more information about CVE-2019-5188 at the following references: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/174075), [Link 2](https://www.ibm.com/support/pages/node/6455281), [Link 3](http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html).

Vulnerability/
CVE-2019-5188

high

7.5

CWE

787

8/1/2020

4/8/2024

CVE-2019-5188

First published: Wed Jan 08 2020(Updated: )

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Credit: talos-cna@cisco.com talos-cna@cisco.com

Affected Software	Affected Version	How to fix
E2fsprogs Project E2fsprogs	>=1.43.3<=1.45.4
Fedoraproject Fedora	=30
Fedoraproject Fedora	=31
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.04
Canonical Ubuntu Linux	=19.10
openSUSE Leap	=15.1
Netapp Hci Compute Node Firmware
Netapp Hci Compute Node
Netapp Solidfire\, Enterprise Sds \& Hci Storage Node
IBM Security Guardium	<=10.5
IBM Security Guardium	<=10.6
IBM Security Guardium	<=11.0
IBM Security Guardium	<=11.1
IBM Security Guardium	<=11.2
IBM Security Guardium	<=11.3
ubuntu/e2fsprogs	<1.44.1-1ubuntu1.3	1.44.1-1ubuntu1.3
ubuntu/e2fsprogs	<1.44.6-1ubuntu0.2	1.44.6-1ubuntu0.2
ubuntu/e2fsprogs	<1.45.3-4ubuntu2.1	1.45.3-4ubuntu2.1
ubuntu/e2fsprogs	<1.42.9-3ubuntu1.3+	1.42.9-3ubuntu1.3+
ubuntu/e2fsprogs	<1.45.5-1	1.45.5-1
ubuntu/e2fsprogs	<1.42.13-1ubuntu1.2	1.42.13-1ubuntu1.2
debian/e2fsprogs		1.46.2-2 1.47.0-2 1.47.1-1
All of
Netapp Hci Compute Node Firmware
Netapp Hci Compute Node

Remedy

https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff

Remedy

https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2019-5188?
CVE-2019-5188 is a code execution vulnerability in the directory rehashing functionality of E2fsprogs e2fsck 1.
How does CVE-2019-5188 affect IBM Security Guardium?
IBM Security Guardium versions up to 11.3 are affected by CVE-2019-5188.
Is Debian Debian Linux impacted by CVE-2019-5188?
Yes, Debian Debian Linux versions 8.0 and 9.0 are impacted by CVE-2019-5188.
What is the severity of CVE-2019-5188?
CVE-2019-5188 has a severity rating of 7.5 (high).
Where can I find more information about CVE-2019-5188?
You can find more information about CVE-2019-5188 at the following references: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/174075), [Link 2](https://www.ibm.com/support/pages/node/6455281), [Link 3](http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html).

agent/type
agent/weakness
collector/nvd-index
agent/software-canonical-lookup-request
collector/ibm-support
source/IBM
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
collector/usn-cve
source/Ubuntu
agent/remedy
agent/description
agent/first-publish-date
agent/author
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/references
agent/softwarecombine
agent/tags
agent/event
collector/nvd-cve
source/NVD
vendor/e2fsprogs project
canonical/e2fsprogs project e2fsprogs
version/e2fsprogs project e2fsprogs/1.43.3
version/e2fsprogs project e2fsprogs/1.45.4
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/30
version/fedoraproject fedora/31
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.04
version/canonical ubuntu linux/19.10
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
vendor/netapp
canonical/netapp hci compute node firmware
canonical/netapp hci compute node
canonical/netapp solidfire\, enterprise sds \& hci storage node
vendor/ibm
canonical/ibm security guardium
version/ibm security guardium/10.5
version/ibm security guardium/10.6
version/ibm security guardium/11.0
version/ibm security guardium/11.1
version/ibm security guardium/11.2
version/ibm security guardium/11.3
package-manager/ubuntu
package-manager/debian

CVE-2019-5188

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2019-5188?

How does CVE-2019-5188 affect IBM Security Guardium?

Is Debian Debian Linux impacted by CVE-2019-5188?

What is the severity of CVE-2019-5188?

Where can I find more information about CVE-2019-5188?

Company

Resources

Contact