CVE-2014-3436

Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.

Published: Aug 22, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3436
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
symantec / pgp_desktop	10.2.2	10.2.2.x
symantec / pgp_desktop	10.1.0	10.1.0.x
symantec / pgp_desktop	10.2.0	10.2.0.x
symantec / pgp_desktop	10.1.1	10.1.1.x
symantec / pgp_desktop	10.0.0	10.0.0.x
symantec / pgp_desktop	10.0.2	10.0.2.x
symantec / pgp_desktop	10.0.3	10.0.3.x
symantec / pgp_desktop	10.1.2	10.1.2.x
symantec / pgp_desktop	10.0.1	10.0.1.x
symantec / pgp_desktop	10.2.1	10.2.1.x
symantec / encryption_desktop	10.3.1	10.3.1.x
symantec / encryption_desktop	10.3.2	10.3.2.x
symantec / encryption_desktop	10.3.0	10.3.0.x

http://www.securityfocus.com/bid/69259
http://www.securitytracker.com/id/1030761
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/95406

Vulnerability Database

290,206

CVE-2014-3436