Carlo Contavalli

Name of the Vulnerable Software and Affected Versions: Matt Blaze Cryptographic File System (CFS) version 1.4.1 Description: The issue is related to multiple integer overflows in the `dodecrypt` and `doencrypt` functions in `cfs fh.c` in `cfsd`. This can cause a denial of service, specifically a daemon crash, when a local user appends data to a file that is larger than 2 Gb. Recommendations: For Matt Blaze Cryptographic File System (CFS) version 1.4.1, update to Debian GNU/Linux package 1.4.1-17 or later to resolve the issue. As a temporary workaround, consider restricting file sizes to prevent crashes until the update is applied.