CVE-2010-3073 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-3073 Interim 1 6 2025-04-11T23:39:47Z current 2021-05-30T12:53:03Z 2025-04-11T23:39:47Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-3073 SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JM6O73UJO5HWG5RGIFFSFKGTDNFSGYWB/#JM6O73UJO5HWG5RGIFFSFKGTDNFSGYWB E-Mail link for SUSE-SR:2010:023 https://www.suse.com/support/security/rating/ SUSE Security Ratings SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. CVE-2010-3073 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N