GHSA-cvmj-47v9-35m9: FUSE-Rust: Uninitialized memory read and leak caused by fuser crate

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
Published: 9/15/2025
Updated: 9/15/2025
KEV Status: No
Technology: Rust

Technical Details

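CVSS Vector: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|--------------|-----------|---------------------|-----------------------|
| fuser        | rust      | < 0.16.0            | 0.16.0                |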

Vulnerability Intelligence
Root Cause Analysis

The vulnerability lies in the incorrect invocation of the `fuse_session_new` C function from the `libfuse` library within the `fuser` Rust crate. The analysis of the provided patch in pull request #390 clearly shows the fix. The commit `8daba15728da46d9299a2b23daa3aeb9954e114e` modifies `src/mnt/fuse3.rs` inside the `Mount::new` function. The vulnerable line `let fuse_session = unsafe { fuse_session_new(args, ptr::null(), 0, ptr::null_mut()) };` is replaced with code that correctly initializes a `fuse_lowlevel_ops` struct and passes a pointer to it to `fuse_session_new`. This directly addresses the vulnerability described, which is an uninitialized memory read due to the null pointer argument. Therefore, the `fuser::mnt::fuse3::Mount::new` function is the vulnerable function as it is the one that performs the unsafe and incorrect call.

Vulnerable functions

fuser::mnt::fuse3::Mount::new
src/mnt/fuse3.rs
The function `Mount::new` in `src/mnt/fuse3.rs` calls the external C function `fuse_session_new` with a null pointer (`ptr::null()`) as the second argument, which is meant to be a pointer to a `fuse_lowlevel_ops` struct. This causes the underlying `libfuse` library to read from uninitialized memory, leading to a memory leak and potential crash.
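To find out whether a project locks a `fuser` release in the affected range listed above (< 0.16.0), the following added example scans the text of a `Cargo.lock` file. It is not code from the advisory or from the fuser project; the function names and the sample lockfile are constructed for illustration.

```rust
// First patched fuser release according to the advisory table.
const FIRST_PATCHED: (u64, u64, u64) = (0, 16, 0);

/// Parse a plain MAJOR.MINOR.PATCH version; anything else yields None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('.').map(|p| p.parse::<u64>().ok());
    let ver = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(ver) }
}

/// Extract the value of a `key = "value"` line from Cargo.lock.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Locked fuser versions below the first patched release. Versions that are
/// not plain MAJOR.MINOR.PATCH (pre-releases) are returned for manual review.
pub fn vulnerable_fuser_versions(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut in_fuser = false;
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            in_fuser = false; // a new package block starts
        } else if let Some(name) = quoted_value(line, "name") {
            in_fuser = name == "fuser";
        } else if let Some(ver) = quoted_value(line, "version") {
            if in_fuser && parse_version(ver).map_or(true, |v| v < FIRST_PATCHED) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "fuser"
version = "0.15.1"

[[package]]
name = "libc"
version = "0.2.150"
"#;

fn main() {
    println!("vulnerable fuser versions: {:?}", vulnerable_fuser_versions(SAMPLE_LOCK));
}
```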

WAF Protection Rules

WAF Rule

During the creation of a new libfuse session with `fuse_session_new`, the operation list was passed as NULL incorrectly. libfuse expects this argument to always point to a list of operations. This caused uninitialized memory read and leaks in libfuse.
