{"id":"OESA-2026-2098","summary":"fio security update","details":"fio is a tool used to spawn many threads or processes that perform a specific type of io operation specified by the user.It accepts many global parameters inherited by threads.Its common method is to simulate jobs that match the specified io load.\r\n\r\nSecurity Fix(es):\n\nA NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.(CVE-2026-30656)","modified":"2026-04-25T06:05:06.553452Z","published":"2026-04-25T05:50:15Z","upstream":["CVE-2026-30656"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2098"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30656"}],"affected":[{"package":{"name":"fio","ecosystem":"openEuler:24.03-LTS-SP3","purl":"pkg:rpm/openEuler/fio&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.34-6.oe2403sp3"}]}],"ecosystem_specific":{"x86_64":["fio-3.34-6.oe2403sp3.x86_64.rpm","fio-debuginfo-3.34-6.oe2403sp3.x86_64.rpm","fio-debugsource-3.34-6.oe2403sp3.x86_64.rpm","fio-help-3.34-6.oe2403sp3.x86_64.rpm"],"aarch64":["fio-3.34-6.oe2403sp3.aarch64.rpm","fio-debuginfo-3.34-6.oe2403sp3.aarch64.rpm","fio-debugsource-3.34-6.oe2403sp3.aarch64.rpm","fio-help-3.34-6.oe2403sp3.aarch64.rpm"],"src":["fio-3.34-6.oe2403sp3.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2098.json"}}],"schema_version":"1.7.5"}