FUSE-Rust: Uninitalized memory read and leak caused by fuser crate

Published: Sep 15, 2025
Updated: Sep 16, 2025
GHSA: <a href="https://github.com/advisories/GHSA-cvmj-47v9-35m9" target="_blank" rel="noopener"> GHSA-cvmj-47v9-35m9
Severity: High
Exploit:

During the creation of a new libfuse session with fuse_session_new, the operation list was passed as NULL incorrectly. libfuse expects this argument to always point to list of operations. This caused uninitialized memory read and leaks in libfuse.so.