{"id":"CVE-2026-34961","summary":"barebox ext4 Extent Parsing Out-of-Bounds Read","details":"barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigger heap out-of-bounds reads during boot-time filesystem parsing, potentially redirecting reads to arbitrary disk offsets.","modified":"2026-07-15T01:49:10.226558659Z","published":"2026-05-11T21:09:10.670Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34961.json","cna_assigner":"VulnCheck","cwe_ids":["CWE-125"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34961.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34961"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/barebox-ext4-extent-parsing-out-of-bounds-read"},{"type":"FIX","url":"https://github.com/barebox/barebox/releases/tag/v2026.04.0"},{"type":"PACKAGE","url":"https://github.com/barebox/barebox"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/barebox/barebox","events":[{"introduced":"0"},{"fixed":"c3e3a36f1511a7b4f34061b7be118085b80f7165"}],"database_specific":{"source":["AFFECTED_FIELD","CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:pengutronix:barebox:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2026.04.0"}]}}],"versions":["v2026.03.0","v2026.02.0","v2026.01.0","v2025.12.0","v2025.09.0","v2025.11.0","v2025.10.0","v2025.08.0","v2025.07.0","v2025.06.0","v2025.05.0","v2025.04.0","v2025.03.0","v2025.02.0","v2025.01.0","v2024.12.0","v2024.09.0","v2024.08.0","v2024.07.0","v2024.05.0","v2024.04.0","v2024.03.0","v2024.02.0","v2024.01.0","v2023.12.0","v2023.11.0","v2023.10.0","v2023.09.0","v2023.08.0","v2023.07.1","v2023.07.0","v2023.06.0","v2023.05.0","v2023.04.0","v2023.03.0","v2023.02.0","v2023.01.0","v2022.12.0","v2022.11.0","v2022.10.0","v2022.08.0","v2022.09.0","v2022.06.0","v2022.05.0","v2022.04.0","v2022.03.0","v2022.02.0","v2022.01.0","v2021.12.0","v2021.11.0","v2021.10.0","v2021.08.0","v2021.07.0","v2021.06.0","v2021.05.0","v2021.03.0","v2021.02.0","v2021.01.0","v2020.12.0","v2020.11.0","v2020.10.0","v2020.09.0","v2020.08.0","v2020.07.0","v2020.06.0","v2020.05.0","v2020.04.0","v2020.03.0","v2020.02.0","v2020.01.0","v2019.12.0","v2019.11.0","v2019.10.0","v2019.09.0","v2019.08.0","v2019.07.0","v2019.06.0","v2019.05.0","v2019.04.0","v2019.03.0","v2019.02.0","v2019.01.0","v2018.12.0","v2018.11.0","v2018.10.0","v2018.09.0","v2018.08.0","v2018.07.0","v2018.06.0","v2018.05.0","v2018.04.0","v2018.03.0","v2018.02.0","v2018.01.0","v2017.12.0","v2017.11.0","v2017.10.0","v2017.09.0","v2017.08.0","v2017.07.0","v2017.06.0","v2017.05.0","v2017.04.0","v2017.03.0","v2017.02.0","v2017.01.0","v2016.11.0","v2016.10.0","v2016.08.0","v2016.09.0","v2016.07.0","v2016.06.0","v2016.05.0","v2016.04.0","v2016.03.0","v2016.02.0","v2016.01.0","v2015.12.0","v2015.11.0","v2015.10.0","v2015.09.0","v2015.08.0","v2015.07.0","v2015.06.0","v2015.05.0","v2015.04.0","v2015.03.0","v2015.02.0","v2015.01.0","v2014.12.0","v2014.11.0","v2014.10.0","v2014.09.0","v2014.08.0","v2014.07.0","v2014.06.0","v2014.05.0","v2014.04.0","v2014.03.0","v2014.02.0","v2014.01.0","v2013.12.0","v2013.11.0","v2013.10.0","v2013.09.0","v2013.08.0","v2013.07.0","v2013.06.0","v2013.05.0","v2013.04.0","v2013.03.0","v2013.02.0","v2013.01.0","v2012.12.0","v2012.11.0","v2012.10.0","v2012.09.0","v2012.08.0","v2012.07.0","v2012.06.0","v2012.05.0","v2012.04.0","v2012.03.0","v2012.02.0","v2012.01.0","v2011.12.0","v2011.11.0","v2011.10.0","v2011.09.0","v2011.08.0","v2011.07.0","v2011.06.0","v2011.05.0","v2011.04.0","v2011.03.0","v2011.02.0","v2011.01.0","v2010.12.0","v2010.11.0","v2010.10.0","v2010.09.0","v2010.08.0","v2010.07.0","v2010.06.0","v2010.05.0","v2010.04.0","v2010.03.0","v2010.02.0","v2009.12.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34961.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}