CVE-2025-70101
EUVD-2025-21005503.06.2026, 14:16
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before performing a binary search over extent index entries, which can result in invalid pointer calculations and an out-of-bounds memory read during extent tree traversal.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gkostka | lwext4 | 1.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration