Skip to main content

Cryptsetup

2 CVEs product

Monthly

CVE-2020-14382 HIGH PATCH This Week

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Cryptsetup Enterprise Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2016-4484 MEDIUM POC PATCH This Month

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Debian Authentication Bypass Cryptsetup
NVD VulDB
CVSS 3.0
6.8
EPSS
0.5%
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Cryptsetup +3
NVD
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Debian Authentication Bypass Cryptsetup
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy