Showing 1 - 7 of 7

CVE-2020-14382

Status Candidate

Overview

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.

Related Files

Red Hat Security Advisory 2021-0313-01: Posted Feb 9, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0313-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.5.31.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-14382, CVE-2021-20198; SHA-256 | 09fcd8920185ee3bacb93416a2429e21c795378829627e27f53da2f3a8a8e333; Download | Favorite | View

Red Hat Security Advisory 2021-0308-01: Posted Feb 8, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.16. Issues addressed include memory leak and privilege escalation vulnerabilities.; tags | advisory, vulnerability, memory leak; systems | linux, redhat; advisories | CVE-2015-8011, CVE-2016-2183, CVE-2020-14382, CVE-2021-20198, CVE-2021-3344; SHA-256 | dca033969dbad57e5b0b2d3a6a1dad57f3f1a39cd52810fbcbaa5225da1fd411; Download | Favorite | View

Red Hat Security Advisory 2021-0310-01: Posted Feb 8, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.16.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-14382, CVE-2020-27816; SHA-256 | 4f4d43c008a12651541f4fa4629d0b9852191fd33a490f815581f708c01c50d6; Download | Favorite | View

Red Hat Security Advisory 2021-0281-01: Posted Feb 3, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-14382, CVE-2020-2304, CVE-2020-2305, CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687, CVE-2020-25694, CVE-2020-25696, CVE-2020-8559, CVE-2020-8564, CVE-2021-20182; SHA-256 | dbb2906dd388b0ae05e96eb75aa85f2757386ed1012ef745eb72036c24c8f74c; Download | Favorite | View

Red Hat Security Advisory 2021-0258-01: Posted Jan 26, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0258-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.; tags | advisory, kernel; systems | linux, redhat; advisories | CVE-2020-14382; SHA-256 | 4e6a1228578167eee393498176a51ac4544e42906d66f3ad388a5cc9499359a3; Download | Favorite | View

Red Hat Security Advisory 2020-4900-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4900-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.; tags | advisory, kernel; systems | linux, redhat; advisories | CVE-2020-14382; SHA-256 | cf58165efde588b08c5fb4569d418bf0586ab3d0b84b3dbe82c07d837aff9616; Download | Favorite | View

Red Hat Security Advisory 2020-4542-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4542-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.; tags | advisory, kernel; systems | linux, redhat; advisories | CVE-2020-14382; SHA-256 | f5b7c94c4d5996e9e53696f29f3c0f820ae526fff6580bffe2989957a5e66d1a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2020-14382

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems