Google Fscrypt
By the Year
In 2023 there have been 0 vulnerabilities in Google Fscrypt . Last year Fscrypt had 3 security vulnerabilities published. Right now, Fscrypt is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 3 | 6.10 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.50 |
It may take a day or so for new Fscrypt vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Fscrypt Security Vulnerabilities
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem
CVE-2022-25326
5.5 - Medium
- February 25, 2022
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.
Resource Exhaustion
The bash_completion script for fscrypt
CVE-2022-25328
7.3 - High
- February 25, 2022
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above
Shell injection
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files
CVE-2022-25327
5.5 - Medium
- February 25, 2022
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above
Incorrect Default Permissions
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications
CVE-2018-6558
6.5 - Medium
- August 23, 2018
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Google Fscrypt or by Google? Click the Watch button to subscribe.
