{
  "threat_severity" : "Low",
  "public_date" : "2015-02-11T00:00:00Z",
  "bugzilla" : {
    "description" : "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)",
    "id" : "1193945",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1193945"
  },
  "cvss" : {
    "cvss_base_score" : "6.2",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:C/I:C/A:C",
    "status" : "draft"
  },
  "cwe" : "CWE-122",
  "details" : [ "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", "A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library (for example, fsck) to crash or, possibly, execute arbitrary code." ],
  "statement" : "This issue affects e2fsprogs packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects e4fsprogs packages as shipped with Red Hat Enterprise Linux 5. The issue is not planned to be addressed in Red Hat Enterprise Linux 5.\nThis issue did not affect e2fsprogs packages as shipped with Red Hat Enterprise Linux 5.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "e2fsprogs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "e4fsprogs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "e2fsprogs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "e2fsprogs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-1572\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1572" ],
  "name" : "CVE-2015-1572",
  "csaw" : false
}