rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for fuser

Browse Source
This commit is contained in:
Alik Aslanyan
2025-09-12 00:32:28 +04:00
committed by Dirkjan Ochtman
parent 9097f1eb5e
commit de3ef76432
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
crates/fuser/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,22 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "fuser"
date = "2021-09-10"
url = "https://github.com/cberner/fuser/pull/390"
references = ["https://github.com/libfuse/libfuse/pull/1330"]
informational = "unsound"
categories = ["code-execution"]
keywords = ["fuse"]
license = "CC0-1.0"
[affected.functions]
"fuser::Session::new" = [">= 0.5.0"]
[versions]
patched = [">= 1.2.0"]
```
# Uninitalized memory read & leak caused by fuser crate
During creation of new libfuse session with `fuse_session_new` operation list was passed as NULL incorrectly. libfuse expects this argument to always point to list of operations. This caused uninitialized memory read and leaks in libfuse.so