Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2014/04/17/7 | Issue Tracking Mailing List |
https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf | Vendor Advisory |
http://www.openwall.com/lists/oss-security/2014/04/17/7 | Issue Tracking Mailing List |
https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf | Vendor Advisory |
Configurations
History
21 Nov 2024, 02:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2014/04/17/7 - Issue Tracking, Mailing List | |
References | () https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf - Vendor Advisory |
Information
Published : 2018-03-19 21:29
Updated : 2024-11-21 02:07
NVD link : CVE-2014-2885
Mitre link : CVE-2014-2885
CVE.ORG link : CVE-2014-2885
JSON object : View
Products Affected
truecrypt_project
- truecrypt