{"url":"http://public2.vulnerablecode.io/api/packages/42734?format=json","purl":"pkg:deb/debian/fscrypt@0.2.9-1?distro=trixie","type":"deb","namespace":"debian","name":"fscrypt","version":"0.2.9-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.3.3-1","latest_non_vulnerable_version":"0.3.5-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163550?format=json","vulnerability_id":"VCID-ae8w-a2vr-2ucq","summary":"fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25326","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09832","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25326"},{"reference_url":"https://github.com/google/fscrypt","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt"},{"reference_url":"https://github.com/google/fscrypt/commit/91aa3ebf42032ca783c41f9ec25d885875f66ddb","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt/commit/91aa3ebf42032ca783c41f9ec25d885875f66ddb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25326","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25326"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006485","reference_id":"1006485","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006485"},{"reference_url":"https://github.com/google/fscrypt/pull/346","reference_id":"346","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:08Z/"}],"url":"https://github.com/google/fscrypt/pull/346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42732?format=json","purl":"pkg:deb/debian/fscrypt@0.3.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.3.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42735?format=json","purl":"pkg:deb/debian/fscrypt@0.3.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.3.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-25326","GHSA-mpq4-rjj8-fjph"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ae8w-a2vr-2ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163538?format=json","vulnerability_id":"VCID-j21y-w2wp-u3cd","summary":"The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25328","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13435","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25328"},{"reference_url":"https://github.com/google/fscrypt","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25328","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006485","reference_id":"1006485","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006485"},{"reference_url":"https://github.com/google/fscrypt/pull/346","reference_id":"346","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:13Z/"}],"url":"https://github.com/google/fscrypt/pull/346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42732?format=json","purl":"pkg:deb/debian/fscrypt@0.3.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.3.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42735?format=json","purl":"pkg:deb/debian/fscrypt@0.3.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.3.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-25328","GHSA-wxjg-p59j-6c92"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j21y-w2wp-u3cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163526?format=json","vulnerability_id":"VCID-vs5j-8nsa-53dn","summary":"The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25327","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11752","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25327"},{"reference_url":"https://github.com/google/fscrypt","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt"},{"reference_url":"https://github.com/google/fscrypt/commit/91aa3ebf42032ca783c41f9ec25d885875f66ddb","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt/commit/91aa3ebf42032ca783c41f9ec25d885875f66ddb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25327","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25327"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006485","reference_id":"1006485","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006485"},{"reference_url":"https://github.com/google/fscrypt/pull/346","reference_id":"346","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:10Z/"}],"url":"https://github.com/google/fscrypt/pull/346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42732?format=json","purl":"pkg:deb/debian/fscrypt@0.3.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.3.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42735?format=json","purl":"pkg:deb/debian/fscrypt@0.3.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.3.5-1%3Fdistro=trixie"}],"aliases":["CVE-2022-25327","GHSA-8vwm-8vj8-rqjf"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vs5j-8nsa-53dn"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206456?format=json","vulnerability_id":"VCID-wvqz-b6d8-e7as","summary":"The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6558","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3444","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6558"},{"reference_url":"https://github.com/google/fscrypt","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt"},{"reference_url":"https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b"},{"reference_url":"https://github.com/google/fscrypt/commit/315f9b042237200174a1fb99427f74027e191d66","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt/commit/315f9b042237200174a1fb99427f74027e191d66"},{"reference_url":"https://github.com/google/fscrypt/issues/77","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/fscrypt/issues/77"},{"reference_url":"https://launchpad.net/bugs/1787548","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1787548"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6558","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6558"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0027","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0027"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907074","reference_id":"907074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907074"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42733?format=json","purl":"pkg:deb/debian/fscrypt@0.2.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42734?format=json","purl":"pkg:deb/debian/fscrypt@0.2.9-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ae8w-a2vr-2ucq"},{"vulnerability":"VCID-j21y-w2wp-u3cd"},{"vulnerability":"VCID-vs5j-8nsa-53dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.2.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42732?format=json","purl":"pkg:deb/debian/fscrypt@0.3.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.3.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/42735?format=json","purl":"pkg:deb/debian/fscrypt@0.3.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.3.5-1%3Fdistro=trixie"}],"aliases":["CVE-2018-6558","GHSA-qj26-7grj-whg3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvqz-b6d8-e7as"}],"risk_score":"2.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fscrypt@0.2.9-1%3Fdistro=trixie"}