Improper Validation of Specified Quantity in Input Affecting nilfs-dev/nilfs-utils package, versions [,2.3.1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.11% (2nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-NILFSDEVNILFSUTILS-17660950
  • published28 Jun 2026
  • disclosed18 Jun 2026
  • creditUnknown

Introduced: 18 Jun 2026

NewCVE-2026-55392  (opens in a new tab)
CWE-1284  (opens in a new tab)

How to fix?

Upgrade nilfs-dev/nilfs-utils to version 2.3.1 or higher.

Overview

Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the nilfs_sb_is_valid function when processing NILFS2 images with improperly validated s_log_block_size fields in the superblock. An attacker can cause a crash or trigger out-of-memory conditions by supplying a crafted NILFS2 image to tools such as nilfs-tune or dumpseg. This is only exploitable if a user interacts with a malicious NILFS2 image.

Workaround

This vulnerability can be mitigated by avoiding the processing of NILFS2 images from untrusted sources and restricting the use of NILFS utilities to trusted administrators and environments.

CVSS Base Scores

version 4.0
version 3.1