GHSA-cvmj-47v9-35m9

Опубликовано: 15 сент. 2025

Источник: github

Github: Прошло ревью

CVSS4: 8.2

Описание

FUSE-Rust: Uninitalized memory read and leak caused by fuser crate

During the creation of a new libfuse session with fuse_session_new, the operation list was passed as NULL incorrectly. libfuse expects this argument to always point to list of operations. This caused uninitialized memory read and leaks in libfuse.so.

Ссылки

https://github.com/cberner/fuser/pull/390
https://rustsec.org/advisories/RUSTSEC-2021-0154.html

Пакеты

Наименование

fuser

rust

Затронутые версииВерсия исправления

< 0.16.0

0.16.0

8.2 High

CVSS4

Дефекты

CWE-908

8.2 High

CVSS4

Дефекты

CWE-908