Vulnerability Details CVE-2022-25326
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
Products affected by CVE-2022-25326
-
cpe:2.3:a:google:fscrypt:0.1.0
-
cpe:2.3:a:google:fscrypt:0.2.0
-
cpe:2.3:a:google:fscrypt:0.2.1
-
cpe:2.3:a:google:fscrypt:0.2.2
-
cpe:2.3:a:google:fscrypt:0.2.3
-
cpe:2.3:a:google:fscrypt:0.2.4