
Rewterz Threat Advisory – Multiple Google fscrypt Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-25328

Google fscrypt could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper input validation in the bash completion script. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-25327

Google fscrypt is vulnerable to a denial of service, caused by inadequate validation of the size, type, and owner (for login protectors) of policy and protector files. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-25326

Google fscrypt is vulnerable to a denial of service, caused by inadequate validation of the size, type, and owner (for login protectors) of policy and protector files. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
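
The size, type and owner checks named in CVE-2022-25327 and CVE-2022-25326 can also be run as an audit over metadata already on disk. The following is an added example, not part of the advisory or of fscrypt's own code. It assumes fscrypt's per-filesystem `.fscrypt/policies` and `.fscrypt/protectors` directories; the 16384-byte limit and the caller-supplied list of expected owner UIDs are assumptions, and it does not parse files to tell login protectors from other protectors.

```python
import os
import stat
import sys

# Assumed values for this example; not taken from the advisory or from fscrypt.
MAX_METADATA_BYTES = 16384
METADATA_SUBDIRS = ("policies", "protectors")


def audit_fscrypt_metadata(mountpoint, allowed_uids=None, max_bytes=MAX_METADATA_BYTES):
    """Return a sorted list of (path, problem) for suspicious metadata entries.

    allowed_uids: iterable of UIDs expected to own metadata files, or None
    to skip the owner check.
    """
    findings = []
    for sub in METADATA_SUBDIRS:
        directory = os.path.join(mountpoint, ".fscrypt", sub)
        try:
            names = os.listdir(directory)
        except (FileNotFoundError, NotADirectoryError):
            continue  # filesystem not set up for fscrypt, or directory absent
        for name in names:
            path = os.path.join(directory, name)
            st = os.lstat(path)  # lstat inspects the entry itself, never a symlink target
            if not stat.S_ISREG(st.st_mode):
                # Symlinks, FIFOs, devices and directories do not belong here.
                findings.append((path, "not a regular file"))
                continue
            if st.st_size > max_bytes:
                findings.append((path, "oversized: %d bytes" % st.st_size))
            if allowed_uids is not None and st.st_uid not in allowed_uids:
                findings.append((path, "unexpected owner uid %d" % st.st_uid))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /mountpoint
    target = sys.argv[1] if len(sys.argv) > 1 else "/"
    for path, problem in audit_fscrypt_metadata(target):
        print(path + ": " + problem)
```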

Impact

  • Denial of Service
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2022-25328
  • CVE-2022-25327
  • CVE-2022-25326

Affected Vendors

Google

Affected Products

  • Google fscrypt 0.3.2

Remediation

Upgrade to the latest version of fscrypt, available from the fscrypt Git repository.

https://github.com/google/fscrypt