CVE-2010-3073
Published Sep 17, 2010
Last updated 14 years ago
Overview
- Description
- SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arg0:encfs:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B958CC56-A363-4A93-8AB7-4435FBB14373",
"versionEndIncluding": "1.6.0"
},
{
"criteria": "cpe:2.3:a:arg0:encfs:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A30A73A-DB18-4D44-85C1-9F6967A3EE5F"
},
{
"criteria": "cpe:2.3:a:arg0:encfs:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8F97913-1DF7-4F49-A86F-382D4C77C9C4"
},
{
"criteria": "cpe:2.3:a:arg0:encfs:1.4.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8CA1DC0-1445-4F8C-8A0A-0131D2ACF54E"
},
{
"criteria": "cpe:2.3:a:arg0:encfs:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4ED7EF13-E6EA-4E31-A4A8-067819DA854A"
},
{
"criteria": "cpe:2.3:a:arg0:encfs:1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "755C05A8-A1E0-46AF-A4A6-BF01469B1AA1"
}
],
"operator": "OR"
}
]
}
]