Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mcrypt | libmcrypt | 2.5.3 |
| mcrypt | libmcrypt | 2.5.1_r4 |
| mcrypt | libmcrypt | 2.5_.0 |
| mcrypt | libmcrypt | 2.5.2 |
Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mcrypt | libmcrypt | 2.5.3 |
| mcrypt | libmcrypt | 2.5.1_r4 |
| mcrypt | libmcrypt | 2.5_.0 |
| mcrypt | libmcrypt | 2.5.2 |
Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mcrypt | mcrypt | 2.6.7 |
| mcrypt | mcrypt | 2.6.4 |
| mcrypt | mcrypt | 2.6.6 |
| mcrypt | mcrypt | 2.6.5 |
| mcrypt | mcrypt | * |