Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jaHhmLWZqY2YtN2Z3cM0vfg

Possible filesystem space exhaustion by local users

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt v0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.

For more details, see CVE-2022-25326 and https://github.com/google/fscrypt#setting-up-fscrypt-on-a-filesystem.

Permalink: https://github.com/advisories/GHSA-chxf-fjcf-7fwp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jaHhmLWZqY2YtN2Z3cM0vfg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


Identifiers: GHSA-chxf-fjcf-7fwp
References: Repository: https://github.com/google/fscrypt
Blast Radius: 0.0

Affected Packages

go:github.com/google/fscrypt
Dependent packages: 11
Dependent repositories: 25
Affected Version Ranges: < 0.3.3
Fixed in: 0.3.3
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.3.0, 0.3.1, 0.3.2
All unaffected versions: 0.3.3, 0.3.4