Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1858 — Fuse vulnerability

8 documents7 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 59.96%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redhat Fuse Fuse

Timeline

PublishedJun 3

Latest updateMay 1

Description

FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianredhat/fuse< 2.3.0-1+2

▶NVDfuse/fuse4 versions+3

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-4x4q-c47m-2xv4: FUSE 2↗2022-05-01

▶

CVEList

CVE-2005-1858: FUSE 2↗2005-06-06

▶

OSV

CVE-2005-1858: FUSE 2↗2005-06-03

▶

💥Exploits & PoCs

Exploit-DB

FUSE 2.2/2.3 - Local Information Disclosure↗2005-06-06

▶

📋Vendor Advisories

Debian

CVE-2005-1858: fuse - FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfill...↗2005

▶

💬Community

Bugzilla

CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)↗2007-04-30

▶

Bugzilla

CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)↗2007-04-19

▶