Launchpad CVE tracker

CVE 2012-4409

Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.

Related bugs and status

CVE-2012-4409 (Candidate) is related to these bugs:

Bug #1051391: Sync mcrypt 2.6.8-1.1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1051391	Sync mcrypt 2.6.8-1.1 (universe) from Debian unstable (main)		mcrypt (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://packetstormsecu...
MISC: http://www.securitytra...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.openwall.co...
MISC: https://bugzilla.redha...

Launchpad.net

CVE 2012-4409

Related bugs and status

Related bugs

References