CVE-2026-45252 in FreeBSDinformação

Sumário

de MITRE • 21/05/2026

When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated.

If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Freebsd

Reservar

11/05/2026

Divulgação

21/05/2026

Moderação

aceite

Entrada

VDB-364988

CPE

pronto

CWE

CWE-122 (confirmado)

CVSS

5.5 (CISA-ADP)

EPSS

0.00062

KEV

não

Atividades

muito baixo

Sector

Transportation, Hospital, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45252
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45252
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45252/

◂ Voltar Visão Geral Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!