PT-2014-5321 · Symantec · Symantec Encryption Desktop+1

Publicado

2014-08-22

Atualizado

2017-08-29

CVE-2014-3436

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Symantec Encryption Desktop versions 10.3.x through 10.3.2 MP2 Symantec PGP Desktop versions 10.0.x through 10.2.x

Description The issue allows remote attackers to cause a denial of service, consuming CPU and memory resources, by sending a crafted encrypted e-mail message that decompresses to a larger size.

Recommendations For Symantec Encryption Desktop versions 10.3.x through 10.3.2 MP2, update to version 10.3.2 MP3 or later. For Symantec PGP Desktop versions 10.0.x through 10.2.x, consider upgrading to a version of Symantec Encryption Desktop that is not affected, as Symantec PGP Desktop versions 10.0.x through 10.2.x are end of life.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2014-3436

Produtos afetados

Symantec Encryption Desktop

Symantec Pgp Desktop

PT-2014-5321 · Symantec · Symantec Encryption Desktop+1

CVE-2014-3436

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5