VYPR

Truecrypt

by Truecrypt Foundation

Source repositories

CVEs (9)

  • CVE-2015-7358HigOct 3, 2017
    risk 0.54cvss 7.8epss 0.01

    The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter…

  • CVE-2015-7359HigOct 3, 2017
    risk 0.51cvss 7.8epss 0.01

    The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at…

  • CVE-2016-1281HigJan 23, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the…

  • CVE-2014-2885HigMar 19, 2018
    risk 0.46cvss 7.1epss 0.00

    Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors…

  • CVE-2014-2884LowMar 19, 2018
    risk 0.21cvss 3.3epss 0.00

    The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call.

  • CVE-2007-1738Mar 28, 2007
    risk 0.03cvss epss 0.01

    TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than…

  • CVE-2008-3899Sep 3, 2008
    risk 0.00cvss epss 0.00

    TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the…

  • CVE-2007-1589Mar 21, 2007
    risk 0.00cvss epss 0.00

    TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.

  • CVE-2006-2183May 4, 2006
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.