CVE-2014-2885

Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.
Configurations

Configuration 1 (hide)

cpe:2.3:a:truecrypt_project:truecrypt:7.1:a:*:*:*:*:*:*

History

21 Nov 2024, 02:07

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2014/04/17/7 - Issue Tracking, Mailing List () http://www.openwall.com/lists/oss-security/2014/04/17/7 - Issue Tracking, Mailing List
References () https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf - Vendor Advisory () https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf - Vendor Advisory

Information

Published : 2018-03-19 21:29

Updated : 2024-11-21 02:07


NVD link : CVE-2014-2885

Mitre link : CVE-2014-2885

CVE.ORG link : CVE-2014-2885


JSON object : View

Products Affected

truecrypt_project

  • truecrypt
CWE
CWE-190

Integer Overflow or Wraparound

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-400

Uncontrolled Resource Consumption