exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 7

CVE-2020-14382

больше 5 лет назад

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.

CVSS3: 7.8

EPSS: Низкий

CVE-2020-14382

больше 5 лет назад

CVSS3: 7.8

EPSS: Низкий

CVE-2020-14382

больше 5 лет назад

CVSS3: 7.8

EPSS: Низкий

CVE-2020-14382

больше 5 лет назад

A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...

CVSS3: 7.8

EPSS: Низкий

GHSA-v8mw-xqhr-2vqp

больше 3 лет назад

EPSS: Низкий

ELSA-2020-4542

около 5 лет назад

ELSA-2020-4542: cryptsetup security, bug fix, and enhancement update (MODERATE)

EPSS: Низкий

BDU:2023-01662

больше 5 лет назад

Уязвимость функции hdr_validate_segments() компонента lib/luks2/luks2_json_metadata.c программы шифрования диска Cryptsetup, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2020-14382 A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device cd, json_object hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(intervals));"). Due to the bug, library can be tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.	CVSS3: 7.8	0% Низкий	больше 5 лет назад
CVE-2020-14382 A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device cd, json_object hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(intervals));"). Due to the bug, library can be tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.	CVSS3: 7.8	0% Низкий	больше 5 лет назад
CVE-2020-14382 A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device cd, json_object hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(intervals));"). Due to the bug, library can be tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.	CVSS3: 7.8	0% Низкий	больше 5 лет назад
CVE-2020-14382 A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...	CVSS3: 7.8	0% Низкий	больше 5 лет назад
GHSA-v8mw-xqhr-2vqp A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device cd, json_object hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(intervals));"). Due to the bug, library can be tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.		0% Низкий	больше 3 лет назад
ELSA-2020-4542 ELSA-2020-4542: cryptsetup security, bug fix, and enhancement update (MODERATE)			около 5 лет назад
BDU:2023-01662 Уязвимость функции hdr_validate_segments() компонента lib/luks2/luks2_json_metadata.c программы шифрования диска Cryptsetup, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании	CVSS3: 7.5	0% Низкий	больше 5 лет назад

Уязвимостей на страницу