CVE-2014-1647 - Vulnerability Details - OpenCVE

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Encryption Desktop Pgp Desktop

Configuration 1 [-]

OR	cpe:2.3:a:symantec:pgp_desktop:10.0.0:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.1:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.2:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.3:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.0:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.1:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.2:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.2.0:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.2.1:::::::*
	cpe:2.3:a:symantec:pgp_desktop:10.2.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:symantec:encryption_desktop:10.3.0::::professional:::
	cpe:2.3:a:symantec:encryption_desktop:10.3.1::::professional:::
	cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:::professional:::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/67020
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2014-04-23T19:00:00

Updated: 2024-08-06T09:50:09.763Z

Reserved: 2014-01-23T00:00:00

Link: CVE-2014-1647

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-04-23T19:55:05.267

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-1647

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-23T00:00:00", "descriptions": [{"lang": "en", "value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-23T19:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"name": "67020", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67020"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2014-1647", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67020", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67020"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:09.763Z"}, "title": "CVE Program Container", "references": [{"name": "67020", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67020"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2014-1647", "datePublished": "2014-04-23T19:00:00", "dateReserved": "2014-01-23T00:00:00", "dateUpdated": "2024-08-06T09:50:09.763Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*", "matchCriteriaId": "E73390D3-3DE8-43AB-980F-0885A6C57A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*", "matchCriteriaId": "C641BF3B-033C-4E89-99D1-D0279176E85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*", "matchCriteriaId": "D80F9A3B-E810-422C-9168-B58ADC983A9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."}, {"lang": "es", "value": "Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realizan debidamente movimientos de bloques de datos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (violaci\u00f3n de lectura de acceso y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un certificado malformado."}], "id": "CVE-2014-1647", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-04-23T19:55:05.267", "references": [{"source": "secure@symantec.com", "url": "http://www.securityfocus.com/bid/67020"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67020"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}