{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T05:03:52.729","vulnerabilities":[{"cve":{"id":"CVE-2024-57262","sourceIdentifier":"cve@mitre.org","published":"2025-02-19T02:15:08.677","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256."},{"lang":"es","value":"En Barbox antes de 2025.01.0, Ext4fs_read_symlink tiene un desbordamiento entero para Zalloc (agregando uno a una variable LE32) a través de un sistema de archivos manipulado ext4 con un tamaño de inodo de 0xffffffff, resultando en un malloc de cero y resultante sobrescribe de memoria, un Problema relacionado con CVE-2024-57256."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":6.0}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d8","source":"cve@mitre.org"},{"url":"https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d87ba6f88a9ea50e71f107b514ff4e","source":"cve@mitre.org"}]}}]}