CVE-2014-2885
7.1
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 / Impact: 5.2
Source: NVD
Description
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.
Affected (1)
Products: Truecrypt Project: Truecrypt
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.1 a |
Related CWEs
CWE-190
Integer Overflow or Wraparound
The product performs a calculation that can
produce an integer overflow or wraparound when the logic
assumes that the resulting value will always be larger than
the original value. This occurs when an integer value is
incremented to a value that is too large to store in the
associated representation. When this occurs, the value may
become a very small or negative number.
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
References (4)
Source: secalert@redhat.com
Issue TrackingMailing List
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.