Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-ALPINE315-E2FSPROGS-3339845
- published 6 Mar 2023
- disclosed 14 Apr 2022
How to fix?
e2fsprogs to version 1.46.6-r0 or higher.
Note: Versions mentioned in the description apply only to the upstream
e2fsprogs package and not the
e2fsprogs package as distributed by
How to fix? for
Alpine:3.15 relevant fixed versions and status.
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.