{"id":"CVE-2020-6070","details":"An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.","modified":"2026-02-11T07:36:13.807425Z","published":"2020-08-10T14:15:13.140Z","related":["MGASA-2020-0436"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SZ4HMQKNI35NBWJI6XMJBGWPEKZRR72/"},{"type":"ADVISORY","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988"},{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs-tools.git","events":[{"introduced":"0"},{"last_affected":"21d5a11ecbfdffc121eeb7822983db7eb80306b9"}]}],"versions":["v1.0.0","v1.1.0","v1.10.0","v1.11.0","v1.12.0","v1.2.0","v1.3.0","v1.4.0","v1.4.1","v1.5.0","v1.6.0","v1.6.1","v1.7.0","v1.8.0","v1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6070.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}