Fscrypt Google Fscrypt

Do you want an email whenever new security vulnerabilities are reported in Google Fscrypt?

By the Year

In 2024 there have been 0 vulnerabilities in Google Fscrypt . Fscrypt did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 3 6.10
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 1 6.50

It may take a day or so for new Fscrypt vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Fscrypt Security Vulnerabilities

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem

CVE-2022-25326 5.5 - Medium - February 25, 2022

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.

Resource Exhaustion

The bash_completion script for fscrypt

CVE-2022-25328 7.3 - High - February 25, 2022

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above

Shell injection

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files

CVE-2022-25327 5.5 - Medium - February 25, 2022

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above

Incorrect Default Permissions

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications

CVE-2018-6558 6.5 - Medium - August 23, 2018

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Google Fscrypt or by Google? Click the Watch button to subscribe.

Google
Vendor

subscribe