exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2020-14382

Status Candidate

Overview

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.

Related Files

Red Hat Security Advisory 2021-0313-01
Posted Feb 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0313-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.5.31.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14382, CVE-2021-20198
MD5 | 68ba17a9907fcecc1a724e5778c8872f
Red Hat Security Advisory 2021-0308-01
Posted Feb 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.16. Issues addressed include memory leak and privilege escalation vulnerabilities.

tags | advisory, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2015-8011, CVE-2016-2183, CVE-2020-14382, CVE-2021-20198, CVE-2021-3344
MD5 | cf98bcb5dc9aee853663397abafbe7df
Red Hat Security Advisory 2021-0310-01
Posted Feb 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.16.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14382, CVE-2020-27816
MD5 | e73d4165e5270767c4cdb8cb7784d79e
Red Hat Security Advisory 2021-0281-01
Posted Feb 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14382, CVE-2020-2304, CVE-2020-2305, CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687, CVE-2020-25694, CVE-2020-25696, CVE-2020-8559, CVE-2020-8564, CVE-2021-20182
MD5 | e33fa7c834c8fb9a3c759afb31e4f19b
Red Hat Security Advisory 2021-0258-01
Posted Jan 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0258-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-14382
MD5 | 8faae84ae1a228c65e21ad58bd67bf2d
Red Hat Security Advisory 2020-4900-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4900-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-14382
MD5 | 2c5a7e021ae801f1128adc38b8e0cd36
Red Hat Security Advisory 2020-4542-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4542-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-14382
MD5 | a54f5405cae96f39d1c264abb315eedd
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close