Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wOTN2LW0ycjItNDM4N80vgA
Denial of service via insufficient metadata validation
The PAM module for fscrypt
through v0.3.2 doesn't adequately validate fscrypt
metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt
metadata file that prevents other users from logging into the system. We recommend upgrading to v0.3.3 or above.
For more details, see CVE-2022-25327.
Permalink: https://github.com/advisories/GHSA-p93v-m2r2-4387JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wOTN2LW0ycjItNDM4N80vgA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-p93v-m2r2-4387
References:
- https://github.com/google/fscrypt/security/advisories/GHSA-p93v-m2r2-4387
- https://github.com/advisories/GHSA-p93v-m2r2-4387
Blast Radius: 0.0
Affected Packages
go:github.com/google/fscrypt
Dependent packages: 21Dependent repositories: 25
Downloads:
Affected Version Ranges: < 0.3.3
Fixed in: 0.3.3
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.3.0, 0.3.1, 0.3.2
All unaffected versions: 0.3.3, 0.3.4