CVE-2012-4409

Name of the Vulnerable Software and Affected Versions mcrypt versions 2.6.8 and earlier

Description The issue is related to a stack-based buffer overflow in the check file head function, which can be exploited by user-assisted remote attackers. This can happen when an encrypted file with a crafted header containing long salt data is decrypted, and the data is not properly handled.

Recommendations For mcrypt versions 2.6.8 and earlier, as a temporary workaround, consider disabling the check file head function until a patch is available. Restrict access to encrypted files with crafted headers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.