{"id":"ALPINE-CVE-2022-1304","details":"An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.","modified":"2025-11-19T06:19:36.390535Z","published":"2022-04-14T21:15:08.490Z","upstream":["CVE-2022-1304"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2022-1304"}],"affected":[{"package":{"name":"e2fsprogs","ecosystem":"Alpine:v3.14","purl":"pkg:apk/alpine/e2fsprogs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.46.2-r1"}]}],"versions":["1.41.10-r0","1.41.11-r0","1.41.11-r1","1.41.12-r0","1.41.13-r0","1.41.14-r0","1.41.14-r1","1.41.14-r2","1.41.3-r1","1.41.3-r2","1.41.3-r3","1.41.4-r0","1.41.4-r1","1.41.5-r0","1.41.6-r0","1.41.8-r0","1.41.8-r1","1.41.8-r2","1.41.9-r0","1.41.9-r1","1.41.9-r2","1.41.9-r3","1.42.10-r0","1.42.11-r0","1.42.12-r0","1.42.12-r1","1.42.13-r0","1.42.13-r1","1.42.13-r2","1.42.3-r0","1.42.4-r0","1.42.5-r0","1.42.6-r0","1.42.7-r0","1.42.8-r0","1.42.8-r1","1.42.9-r0","1.43-r0","1.43-r1","1.43-r2","1.43.1-r0","1.43.2-r0","1.43.3-r0","1.43.4-r0","1.43.6-r0","1.43.7-r0","1.43.8-r0","1.43.8-r1","1.43.9-r0","1.44.0-r0","1.44.1-r0","1.44.2-r0","1.44.3-r0","1.44.4-r0","1.44.5-r0","1.45.0-r0","1.45.1-r0","1.45.2-r0","1.45.3-r0","1.45.4-r0","1.45.5-r0","1.45.6-r0","1.45.6-r1","1.45.7-r0","1.46.1-r0","1.46.2-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1304.json"}},{"package":{"name":"e2fsprogs","ecosystem":"Alpine:v3.15","purl":"pkg:apk/alpine/e2fsprogs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.46.6-r0"}]}],"versions":["1.41.10-r0","1.41.11-r0","1.41.11-r1","1.41.12-r0","1.41.13-r0","1.41.14-r0","1.41.14-r1","1.41.14-r2","1.41.3-r1","1.41.3-r2","1.41.3-r3","1.41.4-r0","1.41.4-r1","1.41.5-r0","1.41.6-r0","1.41.8-r0","1.41.8-r1","1.41.8-r2","1.41.9-r0","1.41.9-r1","1.41.9-r2","1.41.9-r3","1.42.10-r0","1.42.11-r0","1.42.12-r0","1.42.12-r1","1.42.13-r0","1.42.13-r1","1.42.13-r2","1.42.3-r0","1.42.4-r0","1.42.5-r0","1.42.6-r0","1.42.7-r0","1.42.8-r0","1.42.8-r1","1.42.9-r0","1.43-r0","1.43-r1","1.43-r2","1.43.1-r0","1.43.2-r0","1.43.3-r0","1.43.4-r0","1.43.6-r0","1.43.7-r0","1.43.8-r0","1.43.8-r1","1.43.9-r0","1.44.0-r0","1.44.1-r0","1.44.2-r0","1.44.3-r0","1.44.4-r0","1.44.5-r0","1.45.0-r0","1.45.1-r0","1.45.2-r0","1.45.3-r0","1.45.4-r0","1.45.5-r0","1.45.6-r0","1.45.6-r1","1.45.7-r0","1.46.1-r0","1.46.2-r0","1.46.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1304.json"}},{"package":{"name":"e2fsprogs","ecosystem":"Alpine:v3.16","purl":"pkg:apk/alpine/e2fsprogs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.46.6-r0"}]}],"versions":["1.41.10-r0","1.41.11-r0","1.41.11-r1","1.41.12-r0","1.41.13-r0","1.41.14-r0","1.41.14-r1","1.41.14-r2","1.41.3-r1","1.41.3-r2","1.41.3-r3","1.41.4-r0","1.41.4-r1","1.41.5-r0","1.41.6-r0","1.41.8-r0","1.41.8-r1","1.41.8-r2","1.41.9-r0","1.41.9-r1","1.41.9-r2","1.41.9-r3","1.42.10-r0","1.42.11-r0","1.42.12-r0","1.42.12-r1","1.42.13-r0","1.42.13-r1","1.42.13-r2","1.42.3-r0","1.42.4-r0","1.42.5-r0","1.42.6-r0","1.42.7-r0","1.42.8-r0","1.42.8-r1","1.42.9-r0","1.43-r0","1.43-r1","1.43-r2","1.43.1-r0","1.43.2-r0","1.43.3-r0","1.43.4-r0","1.43.6-r0","1.43.7-r0","1.43.8-r0","1.43.8-r1","1.43.9-r0","1.44.0-r0","1.44.1-r0","1.44.2-r0","1.44.3-r0","1.44.4-r0","1.44.5-r0","1.45.0-r0","1.45.1-r0","1.45.2-r0","1.45.3-r0","1.45.4-r0","1.45.5-r0","1.45.6-r0","1.45.6-r1","1.45.7-r0","1.46.1-r0","1.46.2-r0","1.46.4-r0","1.46.5-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1304.json"}},{"package":{"name":"e2fsprogs","ecosystem":"Alpine:v3.17","purl":"pkg:apk/alpine/e2fsprogs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.46.6-r0"}]}],"versions":["1.41.10-r0","1.41.11-r0","1.41.11-r1","1.41.12-r0","1.41.13-r0","1.41.14-r0","1.41.14-r1","1.41.14-r2","1.41.3-r1","1.41.3-r2","1.41.3-r3","1.41.4-r0","1.41.4-r1","1.41.5-r0","1.41.6-r0","1.41.8-r0","1.41.8-r1","1.41.8-r2","1.41.9-r0","1.41.9-r1","1.41.9-r2","1.41.9-r3","1.42.10-r0","1.42.11-r0","1.42.12-r0","1.42.12-r1","1.42.13-r0","1.42.13-r1","1.42.13-r2","1.42.3-r0","1.42.4-r0","1.42.5-r0","1.42.6-r0","1.42.7-r0","1.42.8-r0","1.42.8-r1","1.42.9-r0","1.43-r0","1.43-r1","1.43-r2","1.43.1-r0","1.43.2-r0","1.43.3-r0","1.43.4-r0","1.43.6-r0","1.43.7-r0","1.43.8-r0","1.43.8-r1","1.43.9-r0","1.44.0-r0","1.44.1-r0","1.44.2-r0","1.44.3-r0","1.44.4-r0","1.44.5-r0","1.45.0-r0","1.45.1-r0","1.45.2-r0","1.45.3-r0","1.45.4-r0","1.45.5-r0","1.45.6-r0","1.45.6-r1","1.45.7-r0","1.46.1-r0","1.46.2-r0","1.46.4-r0","1.46.5-r0","1.46.5-r1","1.46.5-r2","1.46.5-r3","1.46.5-r4"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-1304.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}