Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wOTN2LW0ycjItNDM4N80vgA
Denial of service via insufficient metadata validation
The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to v0.3.3 or above.
For more details, see CVE-2022-25327.
Permalink: https://github.com/advisories/GHSA-p93v-m2r2-4387JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wOTN2LW0ycjItNDM4N80vgA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-p93v-m2r2-4387
References:
- https://github.com/google/fscrypt/security/advisories/GHSA-p93v-m2r2-4387
- https://github.com/advisories/GHSA-p93v-m2r2-4387
Blast Radius: 0.0
Affected Packages
go:github.com/google/fscrypt
Dependent packages: 11Dependent repositories: 25
Downloads:
Affected Version Ranges: < 0.3.3
Fixed in: 0.3.3
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.3.0, 0.3.1, 0.3.2
All unaffected versions: 0.3.3, 0.3.4