汇总 truecrypt_foundation 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 路径处理缺陷与拒绝服务,在 生产负载与软件部署 使用场景中可能带来 文件覆盖 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2008-3899 | TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability. | [email protected] | 2.1 | 0.06% | 2008-09-03 | 2026-04-23 |
| CVE-2007-1738 | TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589. | [email protected] | 6.9 | 0.21% | 2007-03-28 | 2026-04-23 |
| CVE-2007-1589 | TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user. | [email protected] | 2.1 | 0.06% | 2007-03-21 | 2026-04-23 |
| CVE-2006-2183 | Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command. | [email protected] | 7.2 | 0.06% | 2006-05-04 | 2026-04-16 |