PT-2014-5321 · Symantec · Symantec Encryption Desktop+1

Published

2014-08-22

Updated

2017-08-29

CVE-2014-3436

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Symantec Encryption Desktop versions 10.3.x through 10.3.2 MP2 Symantec PGP Desktop versions 10.0.x through 10.2.x

Description The issue allows remote attackers to cause a denial of service, consuming CPU and memory resources, by sending a crafted encrypted e-mail message that decompresses to a larger size.

Recommendations For Symantec Encryption Desktop versions 10.3.x through 10.3.2 MP2, update to version 10.3.2 MP3 or later. For Symantec PGP Desktop versions 10.0.x through 10.2.x, consider upgrading to a version of Symantec Encryption Desktop that is not affected, as Symantec PGP Desktop versions 10.0.x through 10.2.x are end of life.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2014-3436

Affected Products

Symantec Encryption Desktop

Symantec Pgp Desktop

PT-2014-5321 · Symantec · Symantec Encryption Desktop+1

CVE-2014-3436

Weakness Enumeration

Related Identifiers

Affected Products

References · 5