Vulnerability Details : CVE-2015-0247
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
Vulnerability category: OverflowExecute code
Products affected by CVE-2015-0247
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:a:e2fsprogs_project:e2fsprogs:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0247
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0247
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2015-0247
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0247
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:045
mandriva.com
-
http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html
openSUSE-SU-2015:1006-1: moderate: Security update for e2fsprogs
-
http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html
e2fsprogs Input Sanitization ≈ Packet Storm
-
https://security.gentoo.org/glsa/201701-06
e2fsprogs: Heap-based buffer overflow (GLSA 201701-06) — Gentoo security
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html
[SECURITY] Fedora 20 Update: e2fsprogs-1.42.12-3.fc20
-
https://bugzilla.redhat.com/show_bug.cgi?id=1187032
1187032 – (CVE-2015-0247) CVE-2015-0247 e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)
-
http://advisories.mageia.org/MGASA-2015-0061.html
Mageia Advisory: MGASA-2015-0061 - Updated e2fsprogs packages fix CVE-2015-0247
-
http://www.debian.org/security/2015/dsa-3166
Debian -- Security Information -- DSA-3166-1 e2fsprogs
-
http://www.securityfocus.com/bid/72520
e2fsprogs 'lib/ext2fs/openfs.c' Local Heap Based Buffer Overflow Vulnerability
-
http://www.ocert.org/advisories/ocert-2015-002.html
oCERT archiveUS Government Resource
-
http://www.securityfocus.com/archive/1/534633/100/0/threaded
SecurityFocus
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html
[SECURITY] Fedora 21 Update: e2fsprogs-1.42.12-1.fc21
-
http://www.ubuntu.com/usn/USN-2507-1
USN-2507-1: e2fsprogs vulnerabilities | Ubuntu security notices
-
http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
ext2/e2fsprogs.git - Ext2/3/4 filesystem userspace utilities
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:067
mandriva.com
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100740
e2fsprogs libext2fs buffer overflow CVE-2015-0247 Vulnerability Report
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html
[SECURITY] Fedora 21 Update: e2fsprogs-1.42.12-3.fc21
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
[security-announce] SUSE-SU-2015:1103-1: important: Security update for
Jump to