CVE-2014-1646
low
CVSS v3
—
CVSS v2
2.6
VIR risk
2.6
Description
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@symantec.com — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 | |
References
- http://www.securityfocus.com/bid/67016
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00
- http://www.securityfocus.com/bid/67016
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.