Showing 1 - 7 of 7

CVE-2020-14382

Status Candidate

Overview

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.

Related Files

Red Hat Security Advisory 2021-0313-01: Posted Feb 9, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0313-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.5.31.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-14382, CVE-2021-20198; SHA-256 | 09fcd8920185ee3bacb93416a2429e21c795378829627e27f53da2f3a8a8e333; Download | Favorite | View

Red Hat Security Advisory 2021-0308-01: Posted Feb 8, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.16. Issues addressed include memory leak and privilege escalation vulnerabilities.; tags | advisory, vulnerability, memory leak; systems | linux, redhat; advisories | CVE-2015-8011, CVE-2016-2183, CVE-2020-14382, CVE-2021-20198, CVE-2021-3344; SHA-256 | dca033969dbad57e5b0b2d3a6a1dad57f3f1a39cd52810fbcbaa5225da1fd411; Download | Favorite | View

Red Hat Security Advisory 2021-0310-01: Posted Feb 8, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.16.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-14382, CVE-2020-27816; SHA-256 | 4f4d43c008a12651541f4fa4629d0b9852191fd33a490f815581f708c01c50d6; Download | Favorite | View

Red Hat Security Advisory 2021-0281-01: Posted Feb 3, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-14382, CVE-2020-2304, CVE-2020-2305, CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687, CVE-2020-25694, CVE-2020-25696, CVE-2020-8559, CVE-2020-8564, CVE-2021-20182; SHA-256 | dbb2906dd388b0ae05e96eb75aa85f2757386ed1012ef745eb72036c24c8f74c; Download | Favorite | View

Red Hat Security Advisory 2021-0258-01: Posted Jan 26, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0258-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.; tags | advisory, kernel; systems | linux, redhat; advisories | CVE-2020-14382; SHA-256 | 4e6a1228578167eee393498176a51ac4544e42906d66f3ad388a5cc9499359a3; Download | Favorite | View

Red Hat Security Advisory 2020-4900-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4900-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.; tags | advisory, kernel; systems | linux, redhat; advisories | CVE-2020-14382; SHA-256 | cf58165efde588b08c5fb4569d418bf0586ab3d0b84b3dbe82c07d837aff9616; Download | Favorite | View

Red Hat Security Advisory 2020-4542-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4542-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.; tags | advisory, kernel; systems | linux, redhat; advisories | CVE-2020-14382; SHA-256 | f5b7c94c4d5996e9e53696f29f3c0f820ae526fff6580bffe2989957a5e66d1a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

CVE-2020-14382

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems