Cryptsetup Project Cryptsetup vulnerabilities

3 known vulnerabilities affecting cryptsetup_project/cryptsetup.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2021-4122 | MEDIUM | CVSS 4.3 | fixed in 2.3.7 | ≥ 2.4.0, < 2.4.3 | +1 more | 2022-08-24
CVE-2021-4122 [MEDIUM] CWE-345: It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
cvelistv5, nvd, osv
CVE-2020-14382 | HIGH | CVSS 7.8 | v2.2.0 | vcryptsetup-2.2.0 | 2020-09-16
CVE-2020-14382 [HIGH] CWE-787: A vulnerability was found in upstream release cryptsetup-2.2.0 where there's a bug in the LUKS2 format validation code, which is effectively invoked on every device/image presenting itself as a LUKS2 container. The bug is in the segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_obje
cvelistv5, nvd, osv
CVE-2016-4484 | MEDIUM | CVSS 6.8 | ≤ 2.1.7.3-2 | 2017-01-23
CVE-2016-4484 [MEDIUM] CWE-287: The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
nvd, osv