Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
fio v3.41 Crashes When Parsing Malformed Job Files
DEBIAN-CVE-2026-30656
Summary
A security issue in fio v3.41 can cause the program to crash if it encounters a specific type of malformed job file. This could potentially be exploited by an attacker to disrupt fio operations. To protect your system, ensure you're running the latest version of fio.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | fio | All versions |
| Debian:12 | debian | fio | All versions |
| Debian:13 | debian | fio | All versions |
| Debian:14 | debian | fio | All versions |
Original title
A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the...
Original description
A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.
- https://security-tracker.debian.org/tracker/CVE-2026-30656 Vendor Advisory
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026