cryptsetup is vulnerable to arbitrary code execution. A buffer overflow in the LUKS2 format validation code, in the function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) in lib/luks2/luks2_json_metadata.c, allows an attacker to write beyond allocated memory and potentially perform arbitrary code execution on the host OS.

Vendor | Product | Version | CPE |
---|---|---|---|
- | cryptsetup | focal | cpe:2.3:a:-:cryptsetup\:focal:2\:2.2.2-3ubuntu2:*:*:*:*:*:*:* |
- | cryptsetup | 3.11 | cpe:2.3:a:-:cryptsetup\:3.11:2.2.2-r0:*:*:*:*:*:*:* |
- | cryptsetup | 3.12 | cpe:2.3:a:-:cryptsetup\:3.12:2.3.2-r0:*:*:*:*:*:*:* |
* | cryptsetup | 2.2.2_1.el8 | cpe:2.3:a:*:cryptsetup:2.2.2_1.el8:*:*:*:*:*:*:* |
* | cryptsetup | 2.0.6_1.el8 | cpe:2.3:a:*:cryptsetup:2.0.6_1.el8:*:*:*:*:*:*:* |
* | cryptsetup | 2.3.1_1.el8 | cpe:2.3:a:*:cryptsetup:2.3.1_1.el8:*:*:*:*:*:*:* |
* | cryptsetup | 2.2.0_2.el8 | cpe:2.3:a:*:cryptsetup:2.2.0_2.el8:*:*:*:*:*:*:* |
* | cryptsetup | 2.3.3_1.el8 | cpe:2.3:a:*:cryptsetup:2.3.3_1.el8:*:*:*:*:*:*:* |
- | cryptsetup | edge | cpe:2.3:a:-:cryptsetup\:edge:2.3.1-r0:*:*:*:*:*:*:* |
- | cryptsetup | edge | cpe:2.3:a:-:cryptsetup\:edge:2.3.0-r0:*:*:*:*:*:*:* |