CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2884
https://notcve.org/view.php?id=CVE-2014-2884
19 Mar 2018 — The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. La función ProcessVolumeDeviceControlIrp en Ntdriver.c en TrueCrypt 7.1a permite que usuarios locales omitan las restricciones de acceso y obtengan información sensible sobre archivos arbitrarios mediante una llamada (1) TC_IOCTL_OPEN_TEST o (2) TC_IOC... • http://www.openwall.com/lists/oss-security/2014/04/17/7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2885
https://notcve.org/view.php?id=CVE-2014-2885
19 Mar 2018 — Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c. Múltiples desbordamientos de enteros en TrueCrypt 7.1a permiten que usuarios locales (1) obtengan información sensible median... • http://www.openwall.com/lists/oss-security/2014/04/17/7 • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-400: Uncontrolled Resource Consumption •