Lilith [^_^] of Cisco Talos discovered this vulnerability.

E2fsprogs contains an exploitable code execution vulnerability in its directory rehashing functionality. This set of programs is often considered essential software for many Linux and Unix

machines and ships by default on most Linux systems. An attacker could exploit this vulnerability by causing an out-of-bounds write on the stack, which would then allow them to execute code on the victim machine.

In accordance with our coordinated disclosure policy, Cisco Talos worked with E2fsprogs to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

E2fsprogs e2fsck rehash.c mutate_name() code execution vulnerability (TALOS-2019-0973/CVE-2019-5188)

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that versions 1.43.3 - 1.45.3 of E2fsprogs are affected by this vulnerability.


The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or

Snort Rules: 52570, 52571