ID CVE-2020-14382
Summary A vulnerability was found in upstream release cryptsetup-2.2.0: a bug in the LUKS2 format validation code, which is effectively invoked on every device/image presenting itself as a LUKS2 container. The bug is in the segments validation code in file 'lib/luks2/luks2_json_metadata.c', in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj), where the code does not check for possible overflow on the memory allocation used for the intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, the library can be *tricked* into expecting that such an allocation was successful, but for far less memory than originally expected. Later it may read data FROM an image crafted by an attacker and actually write such data BEYOND the allocated memory.
References
Vulnerable Configurations
  • cpe:2.3:a:cryptsetup_project:cryptsetup:2.2.0:-:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 01-01-2022 - 18:39)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1874712
title CVE-2020-14382 cryptsetup: Out-of-bounds write when validating segments
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment cryptsetup is earlier than 0:2.3.3-2.el8
          oval oval:com.redhat.rhsa:tst:20204542001
        • comment cryptsetup is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204542002
      • AND
        • comment cryptsetup-debugsource is earlier than 0:2.3.3-2.el8
          oval oval:com.redhat.rhsa:tst:20204542003
        • comment cryptsetup-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204542004
      • AND
        • comment cryptsetup-devel is earlier than 0:2.3.3-2.el8
          oval oval:com.redhat.rhsa:tst:20204542005
        • comment cryptsetup-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204542006
      • AND
        • comment cryptsetup-libs is earlier than 0:2.3.3-2.el8
          oval oval:com.redhat.rhsa:tst:20204542007
        • comment cryptsetup-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204542008
      • AND
        • comment cryptsetup-reencrypt is earlier than 0:2.3.3-2.el8
          oval oval:com.redhat.rhsa:tst:20204542009
        • comment cryptsetup-reencrypt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204542010
      • AND
        • comment integritysetup is earlier than 0:2.3.3-2.el8
          oval oval:com.redhat.rhsa:tst:20204542011
        • comment integritysetup is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204542012
      • AND
        • comment veritysetup is earlier than 0:2.3.3-2.el8
          oval oval:com.redhat.rhsa:tst:20204542013
        • comment veritysetup is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204542014
rhsa
id RHSA-2020:4542
released 2020-11-04
severity Moderate
title RHSA-2020:4542: cryptsetup security, bug fix, and enhancement update (Moderate)
rpms
  • cryptsetup-0:2.3.3-2.el8
  • cryptsetup-debuginfo-0:2.3.3-2.el8
  • cryptsetup-debugsource-0:2.3.3-2.el8
  • cryptsetup-devel-0:2.3.3-2.el8
  • cryptsetup-libs-0:2.3.3-2.el8
  • cryptsetup-libs-debuginfo-0:2.3.3-2.el8
  • cryptsetup-reencrypt-0:2.3.3-2.el8
  • cryptsetup-reencrypt-debuginfo-0:2.3.3-2.el8
  • integritysetup-0:2.3.3-2.el8
  • integritysetup-debuginfo-0:2.3.3-2.el8
  • veritysetup-0:2.3.3-2.el8
  • veritysetup-debuginfo-0:2.3.3-2.el8
  • cryptsetup-0:2.2.0-2.el8_1.1
  • cryptsetup-debuginfo-0:2.2.0-2.el8_1.1
  • cryptsetup-debugsource-0:2.2.0-2.el8_1.1
  • cryptsetup-devel-0:2.2.0-2.el8_1.1
  • cryptsetup-libs-0:2.2.0-2.el8_1.1
  • cryptsetup-libs-debuginfo-0:2.2.0-2.el8_1.1
  • cryptsetup-reencrypt-0:2.2.0-2.el8_1.1
  • cryptsetup-reencrypt-debuginfo-0:2.2.0-2.el8_1.1
  • integritysetup-0:2.2.0-2.el8_1.1
  • integritysetup-debuginfo-0:2.2.0-2.el8_1.1
  • veritysetup-0:2.2.0-2.el8_1.1
  • veritysetup-debuginfo-0:2.2.0-2.el8_1.1
refmap via4
fedora
  • FEDORA-2020-5ed5af6275
  • FEDORA-2020-8c76e12e62
misc https://bugzilla.redhat.com/show_bug.cgi?id=1874712
ubuntu USN-4493-1
Last major update 01-01-2022 - 18:39
Published 16-09-2020 - 15:15
Last modified 01-01-2022 - 18:39