CVE-2014-2885
HIGH
TrueCrypt 7.1a - Integer Overflow in EncryptedIoQueue.c and Ntdriver.c
Title source: llm
Description
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
Issue Tracking, Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/04/17/7
Scores
CVSS v3
7.1
EPSS
0.0029
EPSS Percentile
21.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-190
CWE-200
CWE-400
Status
published
Products (1)
truecrypt_project/truecrypt
7.1 a
Published
Mar 19, 2018
Tracked Since
Feb 18, 2026