CVE-2010-3073

NameCVE-2010-3073
DescriptionSSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs595998

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
encfs (PTS)bullseye1.9.5-1fixed
bookworm1.9.5-2fixed
forky, sid, trixie1.9.5-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
encfssource(unstable)1.7.2-1595998

Notes

[lenny] - encfs <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems