Alert

Symantec PGP and Encryption Desktop Denial of Service Vulnerability

Symantec has released Encryption Desktop 10.3.2 MP3 to address a vulnerability that could allow an attacker to cause a denial-of-service condition on a client system. The affected versions fail to limit the decompressed file size during the decryption process, which could result in excessive CPU and memory usage and potentially cause a system to become unresponsive or crash.

Affected versions include:

  • Symantec PGP Desktop 10.0.x, 10.1.x, and 10.2.x
  • Symantec Encryption Desktop 10.3.0, 10.3.1, and 10.3.2

US-CERT recommends that users and administrators review the Symantec Security Advisory and apply the necessary update.
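The missing control described above is a cap on decompressed output size. The following is an added example, not Symantec's code or fix, showing how a consumer can enforce such a cap while inflating untrusted data. It assumes Python's `zlib` as a stand-in for the product's compression layer; the names `bounded_inflate` and `DecompressedSizeExceeded` are hypothetical.

```python
import zlib


class DecompressedSizeExceeded(Exception):
    """Raised when a stream would inflate past the configured cap."""


def bounded_inflate(compressed: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream, never holding more than max_output + 1 bytes."""
    if max_output < 0 or chunk < 1:
        raise ValueError("max_output must be >= 0 and chunk must be >= 1")
    d = zlib.decompressobj()
    out = bytearray()
    pending = compressed
    while not d.eof:
        room = max_output - len(out)
        # max_length=0 would mean "unlimited", so always request at least
        # one byte; one byte over the cap is enough to detect an overrun.
        piece = d.decompress(pending, min(chunk, room + 1))
        out += piece
        if len(out) > max_output:
            raise DecompressedSizeExceeded(f"output exceeds {max_output} bytes")
        # Input left unprocessed because of max_length is handed back here.
        pending = d.unconsumed_tail
        if not d.eof and not piece and not pending:
            raise ValueError("truncated compressed stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 10 MiB of zeros compresses to roughly 10 KiB.
    sample = zlib.compress(b"\x00" * (10 * 1024 * 1024))
    try:
        bounded_inflate(sample, max_output=1024 * 1024)
    except DecompressedSizeExceeded as exc:
        print("rejected:", exc)
```

The cap is checked as output is produced, so an oversized stream is rejected before its full expansion is ever allocated.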
