ReportizFlow
Filtered by vendor Gkostka
Subscriptions
Filtered by product Lwext4
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70099 | 1 Gkostka | 1 Lwext4 | 2026-06-02 | 7.5 High |
| A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0). | ||||
Page 1 of 1.