CVE-2022-25326
MEDIUMfscrypt < 0.3.3 - Uncontrolled Resource Consumption via World-Writable Directory
Title source: llmDescription
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/google/fscrypt/pull/346
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
2.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (2)
google/fscrypt
< 0.3.2
google/fscrypt
0 - 0.3.3Go
Published
Feb 25, 2022
Tracked Since
Feb 18, 2026