CVE-2014-2885
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.
Múltiples desbordamientos de enteros en TrueCrypt 7.1a permiten que usuarios locales (1) obtengan información sensible mediante vectores relacionados con un valor item->OriginalLength manipulado en la función MainThreadProc en EncryptedIoQueue.c o (2) provoquen una denegación de servicio (consumo de memoria) mediante vectores relacionados con valores StartingOffset y Length grandes en la función ProcessVolumeDeviceControlIrp en Ntdriver.c.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-04-17 CVE Reserved
- 2018-03-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/04/17/7 | Issue Tracking |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Truecrypt Project Search vendor "Truecrypt Project" | Truecrypt Search vendor "Truecrypt Project" for product "Truecrypt" | 7.1 Search vendor "Truecrypt Project" for product "Truecrypt" and version "7.1" | a |
Affected
| ||||||