What is GHSA-4v99-r46p-gx3v?

GHSA-4v99-r46p-gx3v is a security advisory published by GitHub Security Advisories with Medium severity. An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1...

Which CVE IDs does GHSA-4v99-r46p-gx3v cover?

GHSA-4v99-r46p-gx3v covers the following CVE IDs: CVE-2025-70101. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4v99-r46p-gx3v?

GHSA-4v99-r46p-gx3v has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-4v99-r46p-gx3vMediumCVSS 6.5

An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1...

Vendor

GitHub Security Advisories

Published

June 3, 2026

Last Modified

June 3, 2026

🔗 CVE IDs covered (1)

CVE-2025-70101 →

📋 Description

An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before performing a binary search over extent index entries, which can result in invalid pointer calculations and an out-of-bounds memory read during extent tree traversal.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2025-70101
https://github.com/gkostka/lwext4/issues/91
https://github.com/sigdevel/pocs/blob/main/res/lwext4/3/sig11_lwext4_ext4_extent_815
https://infosec.exchange/@sigdevel/116668958927817708
https://github.com/advisories/GHSA-4v99-r46p-gx3v