CVE-2026-30656: n/a
A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.
AI Analysis
Technical Summary
This vulnerability in fio v3.41 arises from improper input validation in the str_fdp_pli_cb() callback function. When the fdp_pli option is specified without an argument in a job file, the function attempts to duplicate a NULL pointer using strdup(), leading to a NULL pointer dereference and segmentation fault. This results in the termination of the fio process. The vulnerability does not have an assigned CVSS score or known exploit code. No official patch or remediation guidance has been published at this time.
Potential Impact
The vulnerability causes a denial of service by crashing the fio process when processing malformed job files containing the fdp_pli option without an argument. There is no information about privilege escalation, data corruption, or remote code execution. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid using job files that specify the fdp_pli option without an argument to prevent triggering the crash.
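A pre-flight check for the interim mitigation above, as an added example that is not part of the original advisory or the fio project: it scans job file text for fdp_pli given without an argument before the file reaches fio. It assumes fio's INI-style job format (";" or "#" comment lines, "[name]" sections, "key=value" or bare "key" options); the function name and sample job are constructed, and flagging an empty "fdp_pli=" is a conservative assumption beyond the bare-option case the advisory describes.

```python
import re

OPTION = "fdp_pli"  # option named in the advisory


def find_unsafe_fdp_pli(text):
    """Return (line_number, section, raw_line) for each fdp_pli with no argument."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if key.strip() != OPTION:
            continue
        # Bare "fdp_pli" is the case the advisory describes. An empty value
        # ("fdp_pli=") is flagged as well, as a conservative assumption.
        if not sep or not value.strip():
            findings.append((lineno, section, raw))
    return findings


# Constructed sample job file, not taken from the advisory.
SAMPLE_JOB = """\
; constructed sample
[global]
ioengine=io_uring_cmd
fdp=1

[ok-job]
fdp_pli=0,1,2

[bad-job]
fdp_pli

[empty-job]
fdp_pli=
# fdp_pli
"""

if __name__ == "__main__":
    for lineno, section, raw in find_unsafe_fdp_pli(SAMPLE_JOB):
        print(f"line {lineno} [{section}]: {raw.strip()!r} has no argument")
```

Run it over job files from untrusted or shared sources and refuse to launch fio on any file that produces findings.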
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-03-04T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e0fd6682d89c981f97e28e
Added to database: 4/16/2026, 3:16:54 PM
Last enriched: 4/16/2026, 3:33:01 PM
Last updated: 4/16/2026, 10:57:28 PM