fuser is vulnerable to Use of Uninitialized Resource
41
Medium Risk
Affected versions of this package are vulnerable to an uninitialized memory read and leak in the fuser crate. When a new libfuse session is created with fuser::Session::new, the operation list is incorrectly passed as NULL instead of a valid pointer, causing libfuse to read and leak uninitialized memory. An attacker could exploit this by inducing the application to initialize a FUSE session, potentially disclosing sensitive data from heap memory, such as passwords or cryptographic keys. This might facilitate information disclosure or, in combination with other vulnerabilities, lead to code execution.
You are affected if you are using a version that falls within the vulnerable range and if you are using the affected function fuser::Session::new when creating a new libfuse session.
fuser is vulnerable to Use of Uninitialized Resource in versions 0.5.0 - 0.15.1.
Upgrade the fuser library to a patched version.
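To check the version condition above, the following added example (not code from the advisory or from the fuser project) scans the text of a Cargo.lock file and reports any fuser entry in the range 0.5.0 - 0.15.1. The function names and the sample lock file are constructed for illustration, and the check does not look at whether your code calls fuser::Session::new.

```rust
// Added example: find fuser versions inside the advisory's range in Cargo.lock text.
// All names and the sample lock file below are constructed for illustration.

/// Parse "MAJOR.MINOR.PATCH"; a pre-release or build suffix is ignored (conservative).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { return None; }
    Some(triple)
}

/// Range stated by the advisory: 0.5.0 - 0.15.1, both ends inclusive.
fn in_vulnerable_range(v: (u64, u64, u64)) -> bool {
    v >= (0, 5, 0) && v <= (0, 15, 1)
}

/// Return every fuser version recorded in the lock file that falls in the range.
fn vulnerable_fuser_versions(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name: Option<String> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // start of a new package table
        } else if let Some(n) = line.strip_prefix("name = ") {
            name = Some(n.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            let hit = parse_version(v).map_or(false, in_vulnerable_range);
            if name.as_deref() == Some("fuser") && hit { hits.push(v.to_string()); }
        }
    }
    hits
}

// Constructed sample; versions are chosen only to exercise the range check.
const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "fuser"
version = "0.14.0"
[[package]]
name = "libc"
version = "0.2.150"
[[package]]
name = "fuser"
version = "0.4.3"
"#;

fn main() {
    for v in vulnerable_fuser_versions(SAMPLE_LOCK) {
        println!("fuser {} is in the vulnerable range 0.5.0 - 0.15.1", v);
    }
}
```

Because Cargo.lock also records transitive dependencies, this catches a fuser version pulled in indirectly as well as a direct one.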