cbcvebase.
CVE-2010-3073
published 2010-09-17

CVE-2010-3073: SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization…

PriorityP410low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
0.71%
49.0th percentile
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

Affected

10 ranges
VendorProductVersion rangeFixed in
arg0encfs<= 1.6.0
arg0encfs
arg0encfs
arg0encfs
arg0encfs
arg0encfs
arg0encfs>= 0 < 1.7.2-11.7.2-1
arg0encfs>= 0 < 1.7.2-11.7.2-1
arg0encfs>= 0 < 1.7.2-11.7.2-1
debianencfs< encfs 1.7.2-1 (bookworm)encfs 1.7.2-1 (bookworm)

CVSS provenance

nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv2.1LOW
vendor_debian2.1LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.