#VU37388 Integer overflow in truecrypt - CVE-2014-2885


Updated: 2020-08-08

Vulnerability identifier: #VU37388

Vulnerability risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2014-2885

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
truecrypt
Other software / Other software solutions

Vendor: www.truecrypt.org

Description

The vulnerability allows a local authenticated user to obtain sensitive information or cause a denial of service.

Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.
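The CWE-190 pattern named above, an offset plus a length whose sum wraps around before it is compared against a bound, shown as a constructed illustration beside the checked form; this is added example code, not TrueCrypt's own, and `VOLUME_SIZE`, the function names and the sample values are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed bound for the example: a 1 MiB volume (not a TrueCrypt value). */
#define VOLUME_SIZE ((uint64_t)1 << 20)

/* Unchecked form of the defect class described for StartingOffset/Length:
 * the sum is computed first and only then compared against the volume size.
 * A Length close to UINT64_MAX makes start + length wrap to a small number,
 * so an out-of-range request passes the bound check. */
bool range_ok_unchecked(uint64_t start, uint64_t length)
{
    uint64_t end = start + length;   /* unsigned addition may wrap */
    return end <= VOLUME_SIZE;
}

/* Checked form: never compute a sum that can wrap. Reject the request when
 * the offset is already past the bound, or when the length exceeds the space
 * that remains between the offset and the bound. Both comparisons are on
 * values that are guaranteed not to overflow. */
bool range_ok_checked(uint64_t start, uint64_t length)
{
    if (start > VOLUME_SIZE)
        return false;                /* offset itself is out of range */
    if (length > VOLUME_SIZE - start)
        return false;                /* covers both wrap-around and plain overrun */
    return true;
}
```

The same discipline applies wherever a caller-supplied length (such as the `OriginalLength` field mentioned in the description) feeds an allocation or copy size: validate against the remaining space, never against a sum that can wrap.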

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

truecrypt: 7.1


External links
https://www.openwall.com/lists/oss-security/2014/04/17/7
https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

