Vulnerabilities > Cryptsetup Project > Cryptsetup > 2.2.0

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2021-4122 Insufficient Verification of Data Authenticity vulnerability in Cryptsetup Project Cryptsetup
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device.
low complexity
cryptsetup-project CWE-345
4.3
2020-09-16 CVE-2020-14382 Out-of-bounds Write vulnerability in multiple products
A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container.
7.8