CVE-2022-1304

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

References

Affected packages

Git / github.com/tytso/e2fsprogs

Affected ranges

Type

GIT

Repo

https://github.com/tytso/e2fsprogs

Events

Introduced

Last affected

704b18b9ed66f87e070260787973fe85a470ec1d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.46.5"
        }
    ]
}

Affected versions

1.*

1.43

1.43.4

Other

APPLE_UUID_SNAP_1

E2FSPROGS-0_5B

E2FSPROGS-0_5C

E2FSPROGS-1_01

E2FSPROGS-1_02

E2FSPROGS-1_03

E2FSPROGS-1_04

E2FSPROGS-1_05

E2FSPROGS-1_06

E2FSPROGS-1_07

E2FSPROGS-1_09

E2FSPROGS-1_10

E2FSPROGS-1_11

E2FSPROGS-1_12

E2FSPROGS-1_13

E2FSPROGS-1_15

E2FSPROGS-1_16

E2FSPROGS-1_17

E2FSPROGS-1_19

E2FSPROGS-1_20

E2FSPROGS-1_21

E2FSPROGS-1_22

E2FSPROGS-1_23

E2FSPROGS-1_23-WIP-0720

E2FSPROGS-1_23-WIP-0722

E2FSPROGS-1_23-WIP-0727

E2FSPROGS-1_24

E2FSPROGS-1_24a

E2FSPROGS-1_26

E2FSPROGS-1_26-WIP-1224

E2FSPROGS-1_27

E2FSPROGS-1_28

E2FSPROGS-1_29

E2FSPROGS-1_30

E2FSPROGS-1_31

E2FSPROGS-1_32

E2FSPROGS-1_33

E2FSPROGS-1_33-WIP-0306

E2FSPROGS-1_33-WIP-0314

E2FSPROGS-1_33-WIP-0316

E2FSPROGS-1_33-WIP-0325

E2FSPROGS-1_33-WIP-0330

E2FSPROGS-1_33-WIP-0414

E2FSPROGS-1_34

E2FSPROGS-1_34-WIP-0521

E2FSPROGS-1_35

E2FSPROGS-1_35-WIP-0131

E2FSPROGS-1_35-WIP-0801

E2FSPROGS-1_35-WIP-0821

E2FSPROGS-1_35-WIP-1207

E2FSPROGS-1_36

E2FSPROGS-1_37

E2FSPROGS-1_38

E2FSPROGS-1_38-WIP-0509

E2FSPROGS-1_38-WIP-0620

E2FSPROGS-1_39

E2FSPROGS-1_40

E2FSPROGS-1_40-WIP-1114

PQ_SNAPSHOT_971103

RESIZE2FS-1_03

WIP-20010620

WIP-20011130

E2FSPROGS-1.*

E2FSPROGS-1.25

E2FSPROGS-1.27-WIP-0305

E2FSPROGS-1.28-WIP-0626

E2FSPROGS-1.28-WIP-0817

E2FSPROGS-1.30-WIP-0930

E2FSPROGS-1.39-WIP-0330

E2FSPROGS-1.39-WIP-0409

E2FSPROGS-1.39-WIP-1210

E2FSPROGS-1.39-WIP-1231

debian-1.*

debian-1.41.12-2

debian/1.*

debian/1.44.3-1

v1.*

v1.40

v1.40.1

v1.40.10

v1.40.11

v1.40.2

v1.40.3

v1.40.4

v1.40.5

v1.40.6

v1.40.7

v1.40.8

v1.40.9

v1.41-WIP-0427

v1.41-WIP-0617

v1.41-WIP-0707

v1.41.0

v1.41.1

v1.41.10

v1.41.11

v1.41.12

v1.41.13

v1.41.14

v1.41.2

v1.41.3

v1.41.4

v1.41.5

v1.41.6

v1.41.7

v1.41.8

v1.41.9

v1.42

v1.42-WIP-0702

v1.42-WIP-0916

v1.42-WIP-0925

v1.42-WIP-1001

v1.42-WIP-1005

v1.42-WIP-1009

v1.42-WIP-1016

v1.42-WIP-1120

v1.42.1

v1.42.10

v1.42.11

v1.42.12

v1.42.13

v1.42.2

v1.42.3

v1.42.4

v1.42.5

v1.42.6

v1.42.7

v1.42.8

v1.42.9

v1.43

v1.43-WIP-2012-09-22

v1.43-WIP-2015-05-18

v1.43-WIP-2016-03-15

v1.43-WIP-2016-05-12

v1.43.1

v1.43.2

v1.43.3

v1.43.4

v1.43.5

v1.43.6

v1.43.7

v1.43.8

v1.43.9

v1.44.0

v1.44.0-rc1

v1.44.0-rc2

v1.44.1

v1.44.2

v1.44.3

v1.44.3-rc1

v1.44.3-rc2

v1.44.4

v1.44.5

v1.44.6

v1.45.0

v1.45.1

v1.45.1-rc1

v1.45.2

v1.45.3

v1.45.4

v1.45.5

v1.45.6

v1.45.7

v1.46.0

v1.46.1

v1.46.2

v1.46.3

v1.46.4

v1.46.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1304.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]