VYPR
High severity 7.1 · NVD Advisory · Published Feb 19, 2025 · Updated Apr 15, 2026

CVE-2024-57262

Description

In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.
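The arithmetic described above, as an added illustration in C. It is not barebox source code; the function names and the `SYMLINK_MAX_LEN` cap are hypothetical, and the buffers are constructed sample input. It shows why a 32-bit length of 0xffffffff plus one yields a zero-byte allocation, next to a form that validates the length before the addition.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound on a symlink target; not a barebox constant. */
#define SYMLINK_MAX_LEN 4096u

/* Flawed pattern: 32-bit on-disk length plus one byte for the NUL.
 * The sum is computed in 32 bits, so 0xffffffff + 1 wraps to 0. */
uint32_t unchecked_alloc_size(uint32_t disk_size)
{
    return disk_size + 1;
}

/* Hardened pattern: reject the untrusted length before doing arithmetic.
 * Returns 0 and sets *out on success, -1 if the length is rejected. */
int checked_alloc_size(uint32_t disk_size, size_t *out)
{
    if (disk_size > SYMLINK_MAX_LEN)
        return -1;
    *out = (size_t)disk_size + 1;
    return 0;
}

/* Copy a symlink target out of a constructed in-memory buffer, refusing
 * lengths that exceed the cap or the bytes actually available. */
char *read_symlink_checked(const uint8_t *data, size_t avail, uint32_t disk_size)
{
    size_t n;
    char *buf;

    if (checked_alloc_size(disk_size, &n) != 0 || disk_size > avail)
        return NULL;
    buf = calloc(1, n);          /* zeroed, so the result is NUL-terminated */
    if (!buf)
        return NULL;
    memcpy(buf, data, disk_size);
    return buf;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked: %u bytes requested\n", unchecked_alloc_size(0xffffffffu));
    printf("checked:   %s\n",
           checked_alloc_size(0xffffffffu, &n) ? "rejected" : "accepted");
    return 0;
}
```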

Affected products

  • Barebox/Barebox (inferred), 2 versions
    • (no CPE) range: <2025.01.0
    • (no CPE) range: <2025.01.0
