GHSA-p93v-m2r2-4387

Опубликовано: 01 мар. 2022

Источник: github

Github: Прошло ревью

Описание

Denial of service via insufficient metadata validation

The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to v0.3.3 or above.

For more details, see CVE-2022-25327.

Ссылки

https://github.com/google/fscrypt/security/advisories/GHSA-p93v-m2r2-4387

Пакеты

Наименование

github.com/google/fscrypt

Затронутые версииВерсия исправления

< 0.3.3

0.3.3