CVE-2014-3462

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
References
  • http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html (Resource: Third Party Advisory)
  • http://www.openwall.com/lists/oss-security/2014/05/14/2 (Resource: Mailing List, Third Party Advisory)
  • https://bugzilla.redhat.com/show_bug.cgi?id=1097537 (Resource: Issue Tracking, Third Party Advisory, VDB Entry)
  • https://security.gentoo.org/glsa/201512-09 (Resource: Third Party Advisory, VDB Entry)
Configurations

Configuration 1

OR

  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:encfs_project:encfs:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-08-07 20:29

Updated : 2024-02-28 16:04


NVD link : CVE-2014-3462

Mitre link : CVE-2014-3462

CVE.ORG link : CVE-2014-3462



Products Affected

encfs_project

  • encfs

opensuse

  • opensuse
  • leap
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor