CVE-2019-1010208
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The attack vector is: Locally executed code, IOCTL request to driver. The fixed version is: 1.23-Hotfix-1.
IDRIX, Truecrypt Veracrypt, Truecrypt Anterior de 1.23-Hotfix-1 (Veracrypt), todas las versiones (Truecrypt) se ven afectadas por: Desbordamiento de búfer. El impacto es: Divulgación de información menor de la pila del Kernel. El componente es: Veracrypt NT Driver (veracrypt.sys). El vector de ataque es: Código ejecutado localmente, solicitud IOCTL al controlador. La versión fija es: 1.23-Hotfix-1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-20 CVE Reserved
- 2019-07-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/veracrypt/VeraCrypt/commit/f30f9339c9a0b9bbcc6f5ad38804af39db1f479e | 2019-08-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Idrix Search vendor "Idrix" | Truecrypt Search vendor "Idrix" for product "Truecrypt" | * | - |
Affected
| ||||||
| Idrix Search vendor "Idrix" | Veracrypt Search vendor "Idrix" for product "Veracrypt" | <= 1.23 Search vendor "Idrix" for product "Veracrypt" and version " <= 1.23" | - |
Affected
| ||||||