Veracode Vulnerability Database: VERACODE:27125
History: Sep 21, 2020 - 6:37 a.m.

Arbitrary Code Execution

2020-09-21 06:37:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
arbitrary code execution
buffer-overflow
luks2 format validation

EPSS

0.001

Percentile

43.5%

cryptsetup is vulnerable to arbitrary code execution. A buffer overflow in the LUKS2 format validation code, in the function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) in lib/luks2/luks2_json_metadata.c, allows an attacker to write beyond allocated memory and potentially perform arbitrary code execution on the host OS.

Affected configurations

Vulners
Node
- cryptsetup\ Match focal 2\ 2.2.2-3ubuntu2
OR
- cryptsetup\ Match 3.11 2.2.2-r0
OR
- cryptsetup\ Match 3.12 2.3.2-r0
OR
cryptsetup Match 2.2.2_1.el8
OR
cryptsetup Match 2.0.6_1.el8
OR
cryptsetup Match 2.3.1_1.el8
OR
cryptsetup Match 2.2.0_2.el8
OR
cryptsetup Match 2.3.3_1.el8
OR
- cryptsetup\ Match edge 2.3.1-r0
OR
- cryptsetup\ Match edge 2.3.0-r0
OR
- cryptsetup\ Match edge 2.3.3-r0
OR
- cryptsetup\ Match edge 2.3.2-r0
OR
- cryptsetup\ Match edge 2.3.1-r1
Vendor | Product | Version | CPE
- | cryptsetup\ | focal | cpe:2.3:a:-:cryptsetup\:focal:2\:2.2.2-3ubuntu2:*:*:*:*:*:*:*
- | cryptsetup\ | 3.11 | cpe:2.3:a:-:cryptsetup\:3.11:2.2.2-r0:*:*:*:*:*:*:*
- | cryptsetup\ | 3.12 | cpe:2.3:a:-:cryptsetup\:3.12:2.3.2-r0:*:*:*:*:*:*:*
* | cryptsetup | 2.2.2_1.el8 | cpe:2.3:a:*:cryptsetup:2.2.2_1.el8:*:*:*:*:*:*:*
* | cryptsetup | 2.0.6_1.el8 | cpe:2.3:a:*:cryptsetup:2.0.6_1.el8:*:*:*:*:*:*:*
* | cryptsetup | 2.3.1_1.el8 | cpe:2.3:a:*:cryptsetup:2.3.1_1.el8:*:*:*:*:*:*:*
* | cryptsetup | 2.2.0_2.el8 | cpe:2.3:a:*:cryptsetup:2.2.0_2.el8:*:*:*:*:*:*:*
* | cryptsetup | 2.3.3_1.el8 | cpe:2.3:a:*:cryptsetup:2.3.3_1.el8:*:*:*:*:*:*:*
- | cryptsetup\ | edge | cpe:2.3:a:-:cryptsetup\:edge:2.3.1-r0:*:*:*:*:*:*:*
- | cryptsetup\ | edge | cpe:2.3:a:-:cryptsetup\:edge:2.3.0-r0:*:*:*:*:*:*:*