A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0).
Metrics
Affected Vendors & Products
No data.
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|
References
History
Mon, 01 Jun 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | NULL Pointer Dereference in lwext4 Causing Denial of Service on Malformed EXT4 Filesystem Images | |
| Weaknesses | CWE-476 |
Mon, 01 Jun 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0). | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-01T20:11:21.701Z
Reserved: 2026-01-09T00:00:00.000Z
Link: CVE-2025-70099
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-06-01T21:16:24.187
Modified: 2026-06-01T21:16:24.187
Link: CVE-2025-70099
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-01T21:30:26Z