High severity7.5NVD Advisory· Published Aug 7, 2017· Updated May 13, 2026

CVE-2014-3462

Description

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

Affected products

Encfs Project/Encfs
cpe:2.3:a:encfs_project:encfs:*:*:*:*:*:*:*:*
Range: <1.7.5
OpenSUSE/Leap2 versions
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-updates/2017-01/msg00090.htmlnvdThird Party Advisory
www.openwall.com/lists/oss-security/2014/05/14/2nvdMailing ListThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201512-09nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000