CVE-2014-3436

CWE-3103 documents3 sources
Severity
5.0MEDIUM
EPSS
0.4%
top 39.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec Encryption DesktopSymantec PGP Desktop
Timeline
PublishedAug 22
Latest updateMay 17

Description

Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDsymantec/encryption_desktop10.3.0, 10.3.1, 10.3.2+2
NVDsymantec/pgp_desktop10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-82pv-9q9v-m73r: Symantec Encryption Desktop 102022-05-17
CVEList
CVE-2014-3436: Symantec Encryption Desktop 102014-08-22
CVE-2014-3436 (MEDIUM CVSS 5) | Symantec Encryption Desktop 10.3.x | cvebase.io