CVE-2026-34962

· Published 11/05/2026 23:19 · Modified 11/05/2026 23:19

Labels: CVE-2026-34962, 2026-05-11, CWE-835, [email protected]

Essential information

Published: 11/05/2026 23:19
Modified: 11/05/2026 23:19
Author:
Creator:
CVSS: 6.9 MEDIUM (v3), 6.9 MEDIUM (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

barebox versions prior to 2026.04.0 contain a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c: the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. An attacker can supply a malicious ext4 filesystem image with a crafted directory entry whose direntlen value is 0 to cause an infinite loop during directory listing or path resolution, so the boot process hangs indefinitely.
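A bounds-checked directory-block walk that rejects the zero-length entry described above, as an added example; it is not barebox's code or its fix. It assumes the standard ext4 on-disk entry header (4-byte inode, 2-byte little-endian length, 1-byte name length, 1-byte file type) and a block smaller than 64 KiB; `count_dirents` and `put_dirent` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DIRENT_HDR 8u /* inode(4) + direntlen(2) + namelen(1) + filetype(1) */

/* Read a little-endian 16-bit on-disk value. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Count the entries in one directory block (assumed smaller than 64 KiB).
 * Returns the count, or -1 as soon as an entry length is malformed.
 * Without the length checks, direntlen == 0 would leave pos unchanged
 * and the loop would never terminate.
 */
int count_dirents(const uint8_t *blk, size_t size)
{
    size_t pos = 0;
    int n = 0;

    while (pos < size) {
        if (size - pos < DIRENT_HDR)
            return -1;                          /* truncated header */
        uint16_t len = le16(blk + pos + 4);     /* direntlen */
        uint8_t namelen = blk[pos + 6];

        if (len < DIRENT_HDR || (len & 3))
            return -1;                          /* zero, too short, or not a multiple of 4 */
        if (len > size - pos)
            return -1;                          /* entry runs past the block */
        if (DIRENT_HDR + (size_t)namelen > len)
            return -1;                          /* name does not fit in entry */
        n++;
        pos += len;                             /* len >= 8: always advances */
    }
    return n;
}

/* Constructed test helper (hypothetical): write one entry at pos. */
void put_dirent(uint8_t *blk, size_t pos, uint32_t ino, uint16_t len, const char *name)
{
    size_t nl = strlen(name);
    memset(blk + pos, 0, len);
    blk[pos] = (uint8_t)ino;                    /* inode, low byte only */
    blk[pos + 4] = (uint8_t)len;
    blk[pos + 5] = (uint8_t)(len >> 8);
    blk[pos + 6] = (uint8_t)nl;
    memcpy(blk + pos + DIRENT_HDR, name, nl);
}
```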

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: barebox / barebox
CPE: cpe:2.3:a:barebox:barebox:<2026.04.0:*:*:*:*:*:*:*

References