1. CVE-Search
  2. CVE-2014-3436
ID CVE-2014-3436
Summary Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:encryption_desktop:10.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:encryption_desktop:10.3.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-08-2017 - 01:34)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 69259
confirm http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00
sectrack 1030761
xf symantec-encryption-cve20143436-dos(95406)
Last major update 29-08-2017 - 01:34
Published 22-08-2014 - 01:55
Last modified 29-08-2017 - 01:34
Back to Top