CVE-2015-0247 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.6 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Vendor	Product	Version
e2fsprogs_project	e2fsprogs	𝑥 ≤ 1.42.11
debian	debian_linux	7.0
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

e2fsprogs

bullseye	1.46.2-2 fixed
bullseye (security)	1.46.2-2+deb11u1 fixed
bookworm	1.47.0-2 fixed
sid	1.47.1-1 fixed
trixie	1.47.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

e2fsprogs

utopic	Fixed 1.42.10-1.1ubuntu1.2 released
trusty	Fixed 1.42.9-3ubuntu1.2 released
precise	Fixed 1.42-1ubuntu2.2 released
lucid	Fixed 1.41.11-1ubuntu2.3 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://advisories.mageia.org/MGASA-2015-0061.html

http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html

http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html

http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html

http://www.debian.org/security/2015/dsa-3166

http://www.mandriva.com/security/advisories?name=MDVSA-2015:045

http://www.mandriva.com/security/advisories?name=MDVSA-2015:067

http://www.ocert.org/advisories/ocert-2015-002.html

http://www.securityfocus.com/archive/1/534633/100/0/threaded

http://www.securityfocus.com/bid/72520

http://www.ubuntu.com/usn/USN-2507-1

https://bugzilla.redhat.com/show_bug.cgi?id=1187032

https://exchange.xforce.ibmcloud.com/vulnerabilities/100740

https://security.gentoo.org/glsa/201701-06

http://advisories.mageia.org/MGASA-2015-0061.html

http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html

http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html

http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html

http://www.debian.org/security/2015/dsa-3166

http://www.mandriva.com/security/advisories?name=MDVSA-2015:045

http://www.mandriva.com/security/advisories?name=MDVSA-2015:067

http://www.ocert.org/advisories/ocert-2015-002.html

http://www.securityfocus.com/archive/1/534633/100/0/threaded

http://www.securityfocus.com/bid/72520

http://www.ubuntu.com/usn/USN-2507-1

https://bugzilla.redhat.com/show_bug.cgi?id=1187032

https://exchange.xforce.ibmcloud.com/vulnerabilities/100740

https://security.gentoo.org/glsa/201701-06