Pengutronix Barebox
6 CVEs affecting Pengutronix Barebox. Latest disclosed: 2026-05-11. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34963 | High | 8.4 | 2026-05-11 | barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual im… |
| CVE-2024-57262 | High | 7.1 | 2025-02-19 | In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inod… |
| CVE-2024-57261 | High | 7.1 | 2025-02-19 | In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258. |
| CVE-2026-34960 | Medium | 6.5 | 2026-05-11 | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to ve… |
| CVE-2026-34962 | Medium | 6.2 | 2026-05-11 | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir()… |
| CVE-2026-34961 | Medium | 6.2 | 2026-05-11 | barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against… |