From de3ef76432f83d6b167b23cff107637483d565c6 Mon Sep 17 00:00:00 2001
From: Alik Aslanyan <inline0@pm.me>
Date: Fri, 12 Sep 2025 00:32:28 +0400
Subject: [PATCH] Add advisory for fuser

---
 crates/fuser/RUSTSEC-0000-0000.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 crates/fuser/RUSTSEC-0000-0000.md

diff --git a/crates/fuser/RUSTSEC-0000-0000.md b/crates/fuser/RUSTSEC-0000-0000.md
new file mode 100644
index 00000000..b3f01648
--- /dev/null
+++ b/crates/fuser/RUSTSEC-0000-0000.md
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "fuser"
+date = "2021-09-10"
+url = "https://github.com/cberner/fuser/pull/390"
+references = ["https://github.com/libfuse/libfuse/pull/1330"]
+informational = "unsound"
+categories = ["code-execution"]
+keywords = ["fuse"]
+license = "CC0-1.0"
+
+[affected.functions]
+"fuser::Session::new" = [">= 0.5.0"]
+
+[versions]
+patched = [">= 1.2.0"]
+```
+
+# Uninitalized memory read & leak caused by fuser crate
+
+During creation of new libfuse session with `fuse_session_new` operation list was passed as NULL incorrectly. libfuse expects this argument to always point to list of operations. This caused uninitialized memory read and leaks in libfuse.so
\ No newline at end of file