lwext4 Out-of-Bounds Read Vulnerability in ext4_ext_binsearch_idx Function Causes Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the lwext4 library version 1.0.0. The issue arises from an out-of-bounds read in the ext4_ext_binsearch_idx function, located in src/ext4_extent.c. This vulnerability allows attackers to cause a process crash by supplying a specially crafted ext4 filesystem image. The problem stems from inadequate validation of extent header fields before conducting a binary search over extent index entries. As a result, invalid pointer calculations can lead to out-of-bounds memory reads during the traversal of the extent tree.
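The class of check the advisory describes, as an added illustration in C rather than lwext4's own code: the standard on-disk ext4 extent header is validated (magic, eh_entries not above eh_max, eh_max fitting the node buffer) before a kernel-style binary search runs over the index entries. The page does not say which fields lwext4 left unvalidated, so the field set, the function names and the constructed 64-byte sample node in demo_lookup are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>

#define EXT4_EXT_MAGIC 0xF30A   /* eh_magic of every ext4 extent node */
#define EXT_HDR_LEN 12          /* sizeof(struct ext4_extent_header) on disk */
#define EXT_IDX_LEN 12          /* sizeof(struct ext4_extent_idx) on disk */

/* On-disk fields are little-endian; read them without alignment or host-endian assumptions. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* Header layout: eh_magic@0, eh_entries@2, eh_max@4, eh_depth@6, eh_generation@8.
 * Returns 1 only if every index entry the header claims lies inside node_len bytes;
 * otherwise a search bounded by eh_entries would compute pointers past the node. */
static int ext_index_header_ok(const uint8_t *node, size_t node_len)
{
    if (node_len < EXT_HDR_LEN || le16(node) != EXT4_EXT_MAGIC)
        return 0;
    uint16_t entries = le16(node + 2), max = le16(node + 4), depth = le16(node + 6);
    if (depth == 0 || entries == 0 || entries > max)  /* leaf node, or inconsistent counts */
        return 0;
    return max <= (node_len - EXT_HDR_LEN) / EXT_IDX_LEN; /* claimed capacity fits the buffer */
}

/* Kernel-style search: index of the last entry whose ei_block <= lblock (entry 0
 * matches implicitly). Returns -1 instead of searching a node that failed validation. */
static int ext_binsearch_idx(const uint8_t *node, size_t node_len, uint32_t lblock)
{
    if (!ext_index_header_ok(node, node_len))
        return -1;
    int lo = 1, hi = le16(node + 2) - 1;
    while (lo <= hi) {
        int mid = lo + (hi - lo) / 2;
        if (lblock < le32(node + EXT_HDR_LEN + mid * EXT_IDX_LEN)) hi = mid - 1;
        else lo = mid + 1;
    }
    return hi;
}

/* Constructed 64-byte index node (room for exactly 4 entries, keys 0,100,200,300) with
 * the header counts given, so inconsistent counts can be fed to the checks above. */
static int demo_lookup(uint16_t entries, uint16_t max, uint32_t lblock)
{
    uint8_t node[64] = {0};
    uint16_t hdr[4] = { EXT4_EXT_MAGIC, entries, max, 1 /* eh_depth */ };
    for (int i = 0; i < 4; i++) { node[2 * i] = (uint8_t)hdr[i]; node[2 * i + 1] = (uint8_t)(hdr[i] >> 8); }
    for (int i = 0; i < 4; i++)                 /* ei_block of entry i = 100*i, little-endian */
        for (int b = 0; b < 4; b++) node[EXT_HDR_LEN + i * EXT_IDX_LEN + b] = (uint8_t)((100u * i) >> (8 * b));
    return ext_binsearch_idx(node, sizeof node, lblock);
}
```

With consistent counts the lookup returns the covering index; with eh_entries above eh_max, or an eh_max larger than the buffer can hold, the node is rejected before any entry pointer is formed.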

Impact

Exploitation of this vulnerability causes an immediate process crash due to a segmentation fault, resulting in a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by running the AFL (American Fuzzy Lop) harness that mounts and reads the crafted ext4 image triggering the out-of-bounds read: './afl_ext4_mount_read ./sig11_lwext4_ext4_extent_815'.

Remediation

The vulnerability has been fixed in lwext4 version 1.0.1. Users are advised to upgrade to this version or apply the corresponding patch.

Added: Jun 3, 2026, 2:44 PM
Updated: Jun 3, 2026, 2:44 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 5.6
remediation: 0.0
relevance: 9.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.