ГлавнаяУязвимости → CVE-2024-57262
7.1высокая

CVE-2024-57262

Описание

In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.

CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d8https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d87ba6f88a9ea50e71f107b514ff4e