github.com/google/fscrypt

Go4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/google/fscryptpage 1 of 1

CVE-2018-6558MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.2.4
2018-08-23
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applic…
CVE-2022-25326MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.3.3
2022-02-25
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on e…
CVE-2022-25327MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.3.3
2022-02-25
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt met…
CVE-2022-25328MEDIUMCVSS 5.0EG 5.0✓ Fixed in 0.3.3
2022-02-25
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially esc…

Check whether github.com/google/fscrypt is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/google/fscrypt CVEs against the assets you own.

Start Free Scan →