GHSA-p93v-m2r2-4387

Suggest an improvement
Source
https://github.com/advisories/GHSA-p93v-m2r2-4387
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-p93v-m2r2-4387/GHSA-p93v-m2r2-4387.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-p93v-m2r2-4387
Aliases
Published
2022-03-01T21:05:01Z
Modified
2024-08-21T14:57:30.941114Z
Summary
Denial of service via insufficient metadata validation
Details

The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to v0.3.3 or above.

For more details, see CVE-2022-25327.

Database specific 
{
    "cwe_ids": [],
    "github_reviewed": true,
    "nvd_published_at": null,
    "github_reviewed_at": "2022-03-01T21:05:01Z",
    "severity": "MODERATE"
}
References

Affected packages

Go / github.com/google/fscrypt

Package

Name
github.com/google/fscrypt
View open source insights on deps.dev
Purl
pkg:golang/github.com/google/fscrypt

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.3