PT-2019-11513 · Truecrypt Foundation+1 · Truecrypt+1

Tim Harrison · Published 2019-07-23 · Updated 2021-02-19 · CVE-2019-1010208

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Veracrypt versions prior to 1.23-Hotfix-1; Truecrypt, all versions

Description: The issue is a buffer overflow in the Veracrypt NT Driver (veracrypt.sys) component that can lead to minor information disclosure from the kernel stack. It can be exploited by locally executed code that sends an IOCTL request to the driver.

Recommendations: For Veracrypt versions prior to 1.23-Hotfix-1, update to version 1.23-Hotfix-1 to resolve the issue. For Truecrypt, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Veracrypt NT Driver (veracrypt.sys) to minimize the risk of exploitation.

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2019-1010208
MGASA-2021-0088

Affected Products

Truecrypt
Veracrypt