CVE-2005-1858

Published: Jun 3, 2005Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.

Affected (4)

Products: Fuse: Fuse

Fuse

1 product

Fuse

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fuse Fuse	Version 2.2.1
Fuse Fuse	Version 2.2
Fuse Fuse	Version 2.3_pre
Fuse Fuse	Version 2.3_rc1

References (18)

http://bugs.debian.org/311634

Source: security@debian.org

Vendor Advisory

http://secunia.com/advisories/15561/

Source: security@debian.org

PatchVendor Advisory

http://secunia.com/advisories/16024

Source: security@debian.org

http://securitytracker.com/id?1014107

Source: security@debian.org

http://sourceforge.net/project/shownotes.php?release_id=331884

Source: security@debian.org

Vendor Advisory

http://www.debian.org/security/2005/dsa-744

Source: security@debian.org

http://www.osvdb.org/17042

Source: security@debian.org

Vendor Advisory

http://www.securityfocus.com/bid/13857

Source: security@debian.org

http://www.sven-tantau.de/public_files/fuse/fuse_20050603.txt

Source: security@debian.org

Vendor Advisory

http://bugs.debian.org/311634