Vulnerabilities > Cryptsetup Project > Cryptsetup > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-24 | CVE-2021-4122 | Insufficient Verification of Data Authenticity vulnerability in Cryptsetup Project Cryptsetup It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. | 4.3 |
| 2020-09-16 | CVE-2020-14382 | Out-of-bounds Write vulnerability in multiple products A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. | 7.8 |