PT-2022-4970 · Aes Crypt · Aescrypt

Published: 2022-07-15 · Updated: 2023-06-29 · CVE-2022-35928

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: AES Crypt version 3.11

Description: AES Crypt for Linux reads user-provided passwords and password confirmations from command-line prompts without checking their length before reading them, which may lead to buffer overruns. This vulnerability does not affect the source code found on aescrypt.com, nor is it present when a password or key is supplied via the -p or -k command-line options.

Recommendations: Users of AES Crypt version 3.11 are advised to upgrade to release 3.16, which fixes the issue. Users unable to upgrade should supply the password or key with the -p or -k options instead of entering it at the prompt.

Exploit

Fix

Improper Authentication · Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-06164
CVE-2022-35928
GHSA-R7FV-72PG-FWRQ

Affected Products

Aescrypt