Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AES Crypt for Linux Password Security Vulnerability
Vulnerability Description
AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Passwords lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed via in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should us the `-p` or `-k` options to provide a password or key.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Vulnerability Title
Packetizer AES Crypt 授权问题漏洞
Vulnerability Description
Packetizer AES Crypt是Packetizer公司的一种高级文件加密实用程序。使用行业标准高级加密标准 (AES) 轻松安全地加密文件。 Packetizer AES Crypt 3.11版本存在安全漏洞,该漏洞源于在通过命令行提示读取用户提供的密码和确认信息时,在读取密码之前没有检查密码的长度。这可能导致缓冲区溢出,这并不影响aescrypt.com上的源代码,当通过-p或-k命令行选项提供密码或密钥时也不存在该漏洞。
CVSS Information
N/A
Vulnerability Type
N/A