CVE-2014-1647Improper Restriction of Operations within the Bounds of a Memory Buffer in Encryption Desktop

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
2.6LOWNVD
EPSS
0.3%
top 45.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec Encryption DesktopSymantec PGP Desktop
Timeline
PublishedApr 23
Latest updateMay 17

Description

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

NVDsymantec/encryption_desktop10.3.0, 10.3.1, 10.3.2+2
NVDsymantec/pgp_desktop10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-2gch-58xm-v8m8: Symantec PGP Desktop 102022-05-17
CVEList
CVE-2014-1647: Symantec PGP Desktop 102014-04-23
CVE-2014-1647 — Symantec vulnerability | cvebase